167 matches found
EUVD-2008-2223
Malware in sbrugna...
EUVD-2023-54902
Malicious code in bioql PyPI...
EUVD-2022-34416
Malicious code in bioql PyPI...
EUVD-2022-43301
Malicious code in bioql PyPI...
EUVD-2024-35341
Malicious code in bioql PyPI...
EUVD-2022-43608
Malicious code in bioql PyPI...
EUVD-2022-50176
Malicious code in bioql PyPI...
EUVD-2022-50177
Malicious code in bioql PyPI...
CVE-2022-40317
OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element...
CVE-2022-3969
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...
CVE-2012-2316
Cross-site request forgery CSRF vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp...
CVE-2019-11445
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repositoryexport.jsp. This is achieved by interfering with the Filesystem path control in the admin's...
CVE-2024-35475
A Cross-Site Request Forgery CSRF vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands...
CVE-2024-35475
A Cross-Site Request Forgery CSRF vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands...
CVE-2024-35475
A Cross-Site Request Forgery CSRF vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands...
CVE-2024-35475
A Cross-Site Request Forgery CSRF vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands...
CVE-2024-35475
A Cross-Site Request Forgery CSRF vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands...
CVE-2024-35475
OpenKM Community Edition versions 6.3.12 and earlier are affected by CVE-2024-35475, a CSRF vulnerability in the /admin/DatabaseQuery endpoint. The issue allows an attacker with administrative privileges to instruct the victim to execute arbitrary SQL commands. Impact is described as potential ma...
OpenKM 安全漏洞
OpenKM is a document management system from the Spanish company OpenKM. The system provides features such as version control, document history and file sharing. A security vulnerability exists in OpenKM 6.3.12 and earlier versions, which stems from a cross-site request forgery CSRF vulnerability ...
PT-2024-26513
Name of the Vulnerable Software and Affected Versions OpenKM Community Edition versions 6.3.12 and earlier Description A Cross-Site Request Forgery CSRF issue was found in the "admin/DatabaseQuery" endpoint, allowing an attacker to manipulate a victim with administrative privileges into executing...