86 matches found
Path traversal
A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of the file modules/common/app/utils/common/ZipUtil.java of the component ZIP Handler. The manipulation leads to path traversal. Upgrading to version 3.7.5-alpha is able to address this issue. The nam...
Improper Restriction of XML External Entity Reference
A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/econtract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference...
CVE-2014-125044 soshtolsus wing-tight index.php file inclusion
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this...
CVE-2017-20162 vercel ms index.js parse redos
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/installform.js.php of the component Installer. The manipulation leads to cross site scripting. The attack may be launched remotely...
CVE-2020-36640 bonitasoft bonita-connector-webservice SecureWSConnector.java TransformerConfigurationException xml external entity reference
A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external...
CVE-2022-4876 Kaltura mwEmbed DefaultSettings.php cross site scripting
A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTPXFORWARDEDHOST leads to cross site scripting. The attack may be initiated remotely...
CVE-2021-4300 ghostlander Halcyon Block Verification main.cpp AddToBlockIndex access control
A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched...
Code injection
A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/codecallercontroller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code injection. The exploit has...
CVE-2021-4297
A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runspost of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unknown weakness. Upgrading to version 1.6.5 is...
CVE-2021-4295 ONC code-validator-api XML CodeValidatorApiConfiguration.java vocabularyValidationConfigurations xml external entity reference
A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. T...
Cross site scripting
A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file json2html.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.2.0 is able to address this...
Cross site scripting
A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. This affects the function getNotes of the file api/src/main/java/org/openmrs/module/appointmentscheduling/AppointmentRequest.java of the component Notes Handler. The manipulation...
CVE-2020-36630 FreePBX cdr Cdr.class.php ajaxHandler sql injection
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of t...
CVE-2021-4278 cronvel tree-kit prototype pollution
A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. Upgrading to version 0.7.0 is able to address this issue. The...
Design/Logic Flaw
A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...
GHSA-6M4H-HFPP-X8CX docconv OS Command Injection vulnerability
A vulnerability was found in docconv prior to version 1.2.1. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdfocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to...
docconv OS Command Injection vulnerability
A vulnerability was found in docconv prior to version 1.2.1. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdfocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to...
CVE-2021-4269 SimpleRisk common.js checkAndSetValidation cross site scripting
A vulnerability has been found in SimpleRisk and classified as problematic. This vulnerability affects the function checkAndSetValidation of the file simplerisk/js/common.js. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. Upgrading to...
CVE-2022-4642 tatoeba2 Profile Name cross site scripting
A vulnerability was found in tatoeba2. It has been classified as problematic. This affects an unknown part of the component Profile Name Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be...