Siemens COMOS Web Component Cross-Site Scripting Vulnerability
COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, storage, and distribution of information throughout the plant lifecycle. A cross-site scripting vulnerability exists in the Siemens COMOS Web component that could b...
CVE-2021-37195
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as...
Siemens Comos Cross-Site Scripting Vulnerability
COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, storage, and distribution of information throughout the plant lifecycle. A cross-site scripting vulnerability exists in the Siemens COMOS Web component that could b...
PartKeepr Information Disclosure Vulnerability
PartKeepr is an inventory management software designed primarily for electronic components. A security vulnerability exists in PartKeepr, which stems from the use of a file:// URL that allows attachments to be loaded when creating parts, which can be exploited by an authenticated attacker to read...
PartKeepr Code Issue Vulnerability
PartKeepr is an inventory management software designed primarily for electronic components. PartKeepr suffers from a server-side request forgery vulnerability, which stems from the fact that the ability to upload attachments using a URL when creating a part does not validate whether a request can ...
CVE-2022-22702
CVE-2022-22702 concerns PartKeepr up to version 1.4.0, where uploading attachments via a URL does not validate requests to local ports, enabling an authenticated user to perform SSRF and port enumeration. The root cause is the lack of validation in the URL-based attachment upload flow, exposing t...
PT-2022-10384 · Bmc · Bmc Track-It!
Name of the Vulnerable Software and Affected Versions: BMC Track-It! affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this issue. The specific flaw exists...
BMC Community Track-It! Code Issue Vulnerability
BMC Community Track-It! is IT help desk software from BMC Community USA, used for help desk operations with asset management. A code issue vulnerability exists in BMC Community Track-It! that stems from the handling of email attachments. The issue is caused by a lack of...
BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of...
Cross site scripting
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268...
CVE-2021-45903
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268...
PT-2021-24310 · Bitnami +2 · Suitecrm
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268...
CVE-2021-44035
Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files...
Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting (XSS) Date: 06/12/2021 Exploit Author: Enes Özeser Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 ==...
[SECURITY] Fedora 35 Update: containerd-1.5.8-1.fc35
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
[SECURITY] Fedora 34 Update: containerd-1.5.8-1.fc34
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
BookStack Access Control Error Vulnerability
BookStack is an open source platform from the BookStackApp team for building wiki documents using PHP and Laravel. BookStack suffers from an access control error vulnerability that stems from the fact that users with API access can view any attachments to which they do not have re...
Evasive maneuvers: HTML smuggling explained
Microsoft Threat Intelligence Center MSTIC last week disclosed “a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features” that it calls HTML smuggling. HTML smuggling has been used in targeted, spear-phishing email campaigns that deliver banking Trojans...
VulnCheck KEV: CVE-2019-3398
Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution...
CVE-2015-20067
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a WordPress...