4558 matches found
CVE-2024-25509
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sysfilestorageid parameter at /WorkFlow/wffiledownload.aspx...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sysfilestorageid parameter of the /WorkFlow/wffiledownload.aspx file against externally entered SQL statements. An attacker...
PT-2024-20971 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the sys file storage id parameter at the "/WorkFlow/wf file download.aspx" API endpoint...
CVE-2024-25509
CVE-2024-25509 affects RuvarOA v6.01 and v12.01, where a SQL injection exists via the sys_file_storage_id parameter in the /WorkFlow/wf_file_download.aspx endpoint. Root cause appears to be lack of input validation for that parameter, enabling SQL statements to be interpreted by the database. Imp...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-25026)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2021-37533
Summary IBM WebSphere Adapter for FTP is shipped with IBM Business Automation Workflow bundles a vulnerable copy of Apache commons-net. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with...
The vulnerability of the Admin Screens and Grants UI components in the Oracle Workflow system, a task management system for enterprise automation in Oracle E-Business Suite, allows a perpetrator to execute arbitrary code.
The vulnerability of the Admin Screens and Grants UI components in the Oracle Workflow system, a component of the Oracle E-Business Suite for enterprise automation, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection due to a particular API endpoint modification by authenticated backoffice users, which allows the inclusion and execution of arbitrary SQL commands without proper sanitization or validation. An attacker can manipulate...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection due to a particular API endpoint modification by authenticated backoffice users, which allows the inclusion and execution of arbitrary SQL commands without proper sanitization or validation. An attacker can manipulate...
Umbraco Workflow's Backoffice users can execute arbitrary SQL
Impact Backoffice users can execute arbitrary SQL. Explanation of the vulnerability A Backoffice user can modify requests to a particular API endpoint to include SQL which will be executed by the server. Affected versions All versions Patches Workflow 10.3.9, 12.2.6, 13.0.6, Plumber 10.1.2...
GHSA-287F-46J7-J4WH Umbraco Workflow's Backoffice users can execute arbitrary SQL
Impact Backoffice users can execute arbitrary SQL. Explanation of the vulnerability A Backoffice user can modify requests to a particular API endpoint to include SQL which will be executed by the server. Affected versions All versions Patches Workflow 10.3.9, 12.2.6, 13.0.6, Plumber 10.1.2...
CVE-2024-32872
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
CVE-2024-32872
Umbraco Workflow (and Plumber) are affected by an SQL injection vulnerability where a Backoffice user can modify requests to a specific API endpoint to inject SQL that is executed on the server. Affected versions prior to fixed releases include Umbraco Workflow 10.3.9, 12.2.6, and 13.0.6, and Plu...
CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
Umbraco 安全漏洞
Umbraco is an open source content management system CMS written in C from Umbraco, Denmark. A security vulnerability exists in Umbraco workflow versions prior to 10.3.9, 12.2.6, and 13.0.6, which stems from a Umbraco Backoffice user being able to modify a request from a specific API endpoint...
PT-2024-24928 · Umbraco · Umbraco Workflow
Name of the Vulnerable Software and Affected Versions: Umbraco Workflow versions prior to 10.3.9 Umbraco Workflow versions prior to 12.2.6 Umbraco Workflow versions prior to 13.0.6 Description: The issue allows an Umbraco Backoffice user to modify requests to a particular API endpoint to include...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-22354)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Oracle E-Business Suite (April 2024 CPU)
The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Admin Screens and Grants UI. Supported versions that are...