9 matches found
EUVD-2022-41831
Malicious code in bioql PyPI...
CVE-2022-39367
QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...
CVE-2022-39367
QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...
Code injection
QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...
CVE-2022-39367
Summary of CVE-2022-39367 (QTIWorks) : Prior to version 1.0-beta15, QTIWorks Engine allows uploading QTI content ZIP packages. The ZIP handling code does not properly validate file paths inside ZIPs, enabling insertion of files into arbitrary locations writable by the Engine process and potential...
CVE-2022-39367 Vulnerability in handling of uploaded QTI ZIP files
QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...
CVE-2022-39367 Vulnerability in handling of uploaded QTI ZIP files
QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...
QTIWorks 路径遍历漏洞
QTIWorks is a standards-based evaluation delivery software suite from Dave McKain's personal developer. A security vulnerability exists in versions of QTIWorks prior to QTIWorks 1.0-beta15 that stems from allowing users to upload QTI content packages as ZIP files, where the ZIP processing code do...
CVE-2022-39367 Vulnerability in handling of uploaded QTI ZIP files
QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...