20 matches found
EUVD-2022-41582
Malicious code in bioql PyPI...
CVE-2022-39038
Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service...
CVE-2022-39038
Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service...
CVE-2022-39036
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service...
CVE-2022-39037
Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
CVE-2022-39036
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service...
Authentication flaw
Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service...
Unrestricted file upload
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service...
Path traversal
Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
CVE-2022-39038
The CVE concerns Flowring Technology’s Agentflow BPM Enterprise Management System. Affected component: improper authentication that allows a remote attacker with general user privileges to rename a user account, enabling arbitrary account privilege escalation and potential to access, manipulate, ...
CVE-2022-39038 FLOWRING Agentflow BPM - Broken Access Control
Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service...
CVE-2022-39037 FLOWRING Agentflow BPM - Path Traversal
Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
CVE-2022-39037 FLOWRING Agentflow BPM - Path Traversal
Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
CVE-2022-39036 FLOWRING Agentflow BPM - Arbitrary File Upload
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service...
CVE-2022-39036
The CVE-2022-39036 entry concerns Flowring Technology’s Agentflow BPM. The vulnerability is a file upload flaw caused by insufficient filtering of special characters in URLs, enabling an unauthenticated remote attacker to upload arbitrary files and execute arbitrary code, potentially manipulating...
CVE-2022-39036 FLOWRING Agentflow BPM - Arbitrary File Upload
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service...
Flowring Technology Agentflow BPM 路径遍历漏洞
Flowring Technology Agentflow BPM is an enterprise process management system from Flowring Technology, a Chinese company. A path traversal vulnerability exists in Flowring Technology Agentflow BPM, which arises from a file download feature that allows an unauthenticated, remote attacker to bypass...
PT-2022-24691 · Unknown · Agentflow Bpm
Name of the Vulnerable Software and Affected Versions: Agentflow BPM affected versions not specified Description: The Agentflow BPM file download function has a path traversal issue. This allows an unauthenticated remote attacker to bypass authentication and download arbitrary system files...
Flowring Technology Agentflow BPM 授权问题漏洞
Flowring Technology Agentflow BPM is an enterprise process management system from Flowring Technology. Flowring Technology Agentflow BPM suffers from an authorization vulnerability that arises from improper authentication of its enterprise management system, which could allow a remote attacker wi...
Flowring Technology Agentflow BPM 代码问题漏洞
Flowring Technology Agentflow BPM is an enterprise process management system from Flowring Technology China. A code issue exists in Flowring Technology Agentflow BPM, which arises from an insufficient filtering of special characters in the url of the file upload function, which could allow an...