48 matches found
CVE-2021-41932
A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc...
Sql injection
A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc...
CVE-2021-41932
CVE-2021-41932 concerns Wolters Kluwer TeamMate+ Audit, affected version 28.0.19.0. A blind SQL injection exists in the search form, enabling any authenticated user to inject malicious SQL. The underlying cause is a lack of proper filtering/escaping of SQL data in the search forms. Reported impac...
CVE-2021-41932
A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc...
Wolters Kluwer TeamMate+ Audit SQL注入漏洞
Wolters Kluwer TeamMate Audit is a cloud-based audit management tool from Wolters Kluwer Netherlands. A SQL injection vulnerability exists in Wolters Kluwer TeamMate Audit version 28.0.19.0, which stems from a lack of filtering and escaping of SQL data in search forms. An attacker could use this...
SecurityScorecard: HTML injection through Invite Teammate email
Summary: I found HTML injection on domain https://platform.securityscorecard.io/ when we send invite teammate email. In this case "message" parameter is vulnerable. Steps To Reproduce: 1. Go to page https://platform.securityscorecard.io/ and login. 2. Now go to page...
CVE-2021-44035
Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files...
CVE-2021-44035
Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files...
Code injection
Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files...
CVE-2021-44035
Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files...
CVE-2021-44035
CVE-2021-44035 affects Wolters Kluwer TeamMate AM 12.4 Update 1. The vulnerability stems from mishandling of attachment uploads, enabling an authenticated user to download and execute malicious files. The available connected documents confirm the affected product and the root cause as described, ...
Wolters Kluwer TeamMate AM 安全漏洞
Wolters Kluwer Financial Services TeamMate+ is a suite of financial audit management software from Wolters Kluwer Financial Services, USA. A security vulnerability exists in Wolters Kluwer TeamMate AM that stems from improper handling of attachment uploads, so that an authenticated user could...
CVE-2019-10253
A Cross-Site Request Forgery CSRF vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files. The specific flaw exists within the handling of...
CVE-2019-10253
A Cross-Site Request Forgery CSRF vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files. The specific flaw exists within the handling of...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files. The specific flaw exists within the handling of...
CVE-2019-10253
A Cross-Site Request Forgery CSRF vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files. The specific flaw exists within the handling of...
CVE-2019-10253
The CVE-2019-10253 entry concerns TeamMate+ 21.0.0.0 and describes a Cross-Site Request Forgery (CSRF) flaw in Upload/DomainObjectDocumentUpload.ashx where CSRF token validation is not performed for POST requests, allowing a remote attacker to modify data or replace uploaded files. Connected sour...
Wolters Kluwer Financial Services TeamMate+ Cross-Site Request Forgery Vulnerability
Wolters Kluwer Financial Services TeamMate+ is a suite of financial audit management software from Wolters Kluwer Financial Services, USA. A cross-site request forgery vulnerability exists in Wolters Kluwer Financial Services TeamMate+, which can be exploited by an attacker to send unintended...
Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery
Hello, Please find the below vulnerability details, --------------------------------------------------------------------------------------------------------------------------------- Exploit Title: Wolters Kluwer TeamMate+ – Cross-Site Request Forgery CSRF vulnerability Date: 02/09/2019 Exploit...
Wolters Kluwer TeamMate+ 3.1 Cross Site Request Forgery
Title: ==== Wolters Kluwer TeamMate+ Cross-Site Request Forgery CSRF vulnerability Credit: ====== Name: Bhadresh Patel CVE: ==== CVE-2019-10253 Date: ==== 19/03/2019 dd/mm/yyyy Vendor: ====== Wolters Kluwer is a global leader in professional information, software solutions, and services for the...