CVE-2020-6856

An XML External Entity XEE vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders...

Roundup: Filesystem access vulnerability

Background Roundup is a simple to use issue-tracking system with command-line, web, and e-mail interfaces. Description Improper handling of a specially crafted URL allows access to the server's filesystem, which could contain sensitive information. Impact An attacker could view files owned by the...