
4558 matches found

Cvelist
added 2024/05/07 12:00 a.m. · 16 views

CVE-2024-25509

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx...

AI score: 8.2 · EPSS: 0.00617
Exploits: 1 · References: 1

CNNVD
added 2024/05/07 12:00 a.m. · 3 views

RuvarOA security vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sys_file_storage_id parameter of the /WorkFlow/wf_file_download.aspx file against externally entered SQL statements. An attacker...

CVSS: 9.4 · AI score: 8.2 · EPSS: 0.00617
Exploits: 1 · References: 2

Positive Technologies
added 2024/05/07 12:00 a.m. · 5 views

PT-2024-20971 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01. Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the sys_file_storage_id parameter at the "/WorkFlow/wf_file_download.aspx" API endpoint...

CVSS: 9.4 · AI score: 7.4 · EPSS: 0.00617
Exploits: 1 · References: 4

CVE
added 2024/05/07 12:00 a.m. · 59 views

CVE-2024-25509

CVE-2024-25509 affects RuvarOA v6.01 and v12.01, where a SQL injection exists via the sys_file_storage_id parameter in the /WorkFlow/wf_file_download.aspx endpoint. Root cause appears to be lack of input validation for that parameter, enabling SQL statements to be interpreted by the database. Imp...

CVSS: 9.4 · AI score: 8.3 · EPSS: 0.00617
Exploits: 1 · References: 1 · Affected Software: 1

IBM Security Bulletins
added 2024/05/06 4:34 p.m. · 21 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-25026)

Summary: WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...

CVSS: 7.5 · AI score: 6.3 · EPSS: 0.00792
Exploits: 0 · Affected Software: 2

IBM Security Bulletins
added 2024/05/03 7:20 a.m. · 45 views

Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2021-37533

Summary: IBM WebSphere Adapter for FTP, which is shipped with IBM Business Automation Workflow, bundles a vulnerable copy of Apache commons-net. Vulnerability Details: CVEID: CVE-2021-37533. DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with...

CVSS: 6.5 · AI score: 6.4 · EPSS: 0.01858
Exploits: 0 · Affected Software: 2

BDU FSTEC
added 2024/05/02 12:00 a.m. · 4 views

The vulnerability of the Admin Screens and Grants UI components in the Oracle Workflow system, a task management system for enterprise automation in Oracle E-Business Suite, allows a perpetrator to execute arbitrary code.

The vulnerability of the Admin Screens and Grants UI components in the Oracle Workflow system, a component of the Oracle E-Business Suite for enterprise automation, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to...

CVSS: 9.1 · AI score: 7.7 · EPSS: 0.00723
Exploits: 0 · References: 4 · Affected Software: 2

Snyk
added 2024/04/24 5:04 p.m. · 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection due to a particular API endpoint modification by authenticated backoffice users, which allows the inclusion and execution of arbitrary SQL commands without proper sanitization or validation. An attacker can manipulate...

CVSS: 5.5 · AI score: 8.3 · EPSS: 0.00407
Exploits: 0 · References: 2

Snyk
added 2024/04/24 5:04 p.m. · 1 view

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection due to a particular API endpoint modification by authenticated backoffice users, which allows the inclusion and execution of arbitrary SQL commands without proper sanitization or validation. An attacker can manipulate...

CVSS: 5.5 · AI score: 8.3 · EPSS: 0.00407
Exploits: 0 · References: 2

GitHub Security Blog
added 2024/04/24 5:04 p.m. · 28 views

Umbraco Workflow's Backoffice users can execute arbitrary SQL

Impact: Backoffice users can execute arbitrary SQL. Explanation of the vulnerability: A Backoffice user can modify requests to a particular API endpoint to include SQL which will be executed by the server. Affected versions: All versions. Patches: Workflow 10.3.9, 12.2.6, 13.0.6, Plumber 10.1.2...

CVSS: 5.5 · AI score: 8.1 · EPSS: 0.00407
Exploits: 0 · References: 3 · Affected Software: 2

OSV
added 2024/04/24 5:04 p.m. · 16 views

GHSA-287F-46J7-J4WH Umbraco Workflow's Backoffice users can execute arbitrary SQL

Impact: Backoffice users can execute arbitrary SQL. Explanation of the vulnerability: A Backoffice user can modify requests to a particular API endpoint to include SQL which will be executed by the server. Affected versions: All versions. Patches: Workflow 10.3.9, 12.2.6, 13.0.6, Plumber 10.1.2...

CVSS: 5.5 · AI score: 6 · EPSS: 0.00407
Exploits: 0 · References: 2

NVD
added 2024/04/24 3:15 p.m. · 10 views

CVE-2024-32872

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

CVSS: 5.5 · AI score: 5.4 · EPSS: 0.00407
Exploits: 0 · References: 1

Cvelist
added 2024/04/24 2:46 p.m. · 24 views

CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

CVSS: 5.5 · AI score: 5.6 · EPSS: 0.00407
Exploits: 0 · References: 1

Vulnrichment
added 2024/04/24 2:46 p.m. · 14 views

CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

CVSS: 5.5 · AI score: 7 · EPSS: 0.00407
Exploits: 0 · References: 1

CVE
added 2024/04/24 2:46 p.m. · 122 views

CVE-2024-32872

Umbraco Workflow (and Plumber) are affected by an SQL injection vulnerability where a Backoffice user can modify requests to a specific API endpoint to inject SQL that is executed on the server. Affected versions prior to fixed releases include Umbraco Workflow 10.3.9, 12.2.6, and 13.0.6, and Plu...

CVSS: 5.5 · AI score: 5.3 · EPSS: 0.00407
Exploits: 0 · References: 1

OSV
added 2024/04/24 2:46 p.m. · 5 views

CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

CVSS: 5.5 · AI score: 6.9 · EPSS: 0.00407
Exploits: 0 · References: 1

CNNVD
added 2024/04/24 12:00 a.m. · 2 views

Umbraco security vulnerability

Umbraco is an open source content management system (CMS) written in C# from Umbraco, Denmark. A security vulnerability exists in Umbraco workflow versions prior to 10.3.9, 12.2.6, and 13.0.6, which stems from an Umbraco Backoffice user being able to modify a request from a specific API endpoint...

CVSS: 5.5 · AI score: 6.7 · EPSS: 0.00407
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/24 12:00 a.m. · 4 views

PT-2024-24928 · Umbraco · Umbraco Workflow

Name of the Vulnerable Software and Affected Versions: Umbraco Workflow versions prior to 10.3.9; Umbraco Workflow versions prior to 12.2.6; Umbraco Workflow versions prior to 13.0.6. Description: The issue allows an Umbraco Backoffice user to modify requests to a particular API endpoint to include...

CVSS: 5.5 · AI score: 7.3 · EPSS: 0.00407
Exploits: 0 · References: 4

IBM Security Bulletins
added 2024/04/19 7:24 a.m. · 27 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-22354)

Summary: WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...

CVSS: 7 · AI score: 7.1 · EPSS: 0.00649
Exploits: 0 · Affected Software: 2

Tenable Nessus
added 2024/04/19 12:00 a.m. · 146 views

Oracle E-Business Suite (April 2024 CPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Admin Screens and Grants UI. Supported versions that are...

CVSS: 9.1 · AI score: 7.7 · EPSS: 0.00723
Exploits: 0 · References: 49