4549 matches found
CVE-2024-25529
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wfofficefilehistoryshow.aspx...
CVE-2024-25529
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wfofficefilehistoryshow.aspx...
CVE-2024-25522
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the officemissiveid parameter at /WorkFlow/wfworkformsave.aspx...
CVE-2024-25522
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the officemissiveid parameter at /WorkFlow/wfworkformsave.aspx...
CVE-2024-25515
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sysfilestorageid parameter at /WorkFlow/wfworkfinishfiledown.aspx...
CVE-2024-25518
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...
CVE-2024-25519
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wfworkprint.aspx...
CVE-2024-25518
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...
CVE-2024-25519
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wfworkprint.aspx...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-22353)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the openidConnectClient-1.0 or socialLogin-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz...
CVE-2024-25515
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sysfilestorageid parameter at /WorkFlow/wfworkfinishfiledown.aspx...
CVE-2024-25529
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wfofficefilehistoryshow.aspx...
PT-2024-20977 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the sys file storage id parameter at the "/WorkFlow/wf work finish file down.aspx" API endpoint...
PT-2024-20995 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: Error messages in RuvarOA were discovered to leak the physical path of the website, specifically at the /WorkFlow/OfficeFileUpdate.aspx endpoint. This issue can allow attackers to write files t...
PT-2024-20983 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the office missive id parameter at the "/WorkFlow/wf work form save.aspx" API endpoint. This allows attackers to inject malicious SQL. Recommendations:...
CVE-2024-25519
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wfworkprint.aspx...
CVE-2024-25522
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the officemissiveid parameter at /WorkFlow/wfworkformsave.aspx...
CVE-2024-25519
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wfworkprint.aspx...
PT-2024-20979 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the template id parameter at the "/WorkFlow/wf get fields approve.aspx" API endpoint...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a lack of validation of the idlist parameter of the /WorkFlow/wfworkprint.aspx file against externally entered SQL statements. An attacker can exploit this...