21 matches found
EUVD-2012-1837
Malware in sbrugna...
EUVD-2012-1838
Malware in sbrugna...
EUVD-2012-1839
Malware in sbrugna...
VulnCheck KEV: CVE-2012-3347
AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI, and then upload and execute arbitrary JSP code via a JBoss remote-deployment...
CVE-2012-3347
AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI, and then upload and execute arbitrary JSP code via a JBoss remote-deployment...
Design/Logic Flaw
The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function...
CVE-2012-1827
The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request...
Server side request forgery (ssrf)
The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM Archive before 6.920 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields...
CVE-2012-1829
Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM Archive before 6.920 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields...
CVE-2012-1828
The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function...
Design/Logic Flaw
AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI, and then upload and execute arbitrary JSP code via a JBoss remote-deployment...
CVE-2012-1828
The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function...
CVE-2012-1829
CVE-2012-1829 refers to multiple stored XSS vulnerabilities in AutoFORM PDM Archive prior to 6.920. The root cause is insufficient input validation and/or output encoding in many fields, enabling remote authenticated users to inject arbitrary scripts or HTML. Impacts include potential information...
CVE-2012-1828
AutoFORM PDM Archive/AutoFORM PDM Archive before 7.1 allows remote authenticated users to perform administrative actions due to missing authorization for hidden administrative functions (e.g., password-change). The issue is tied to the hidden function exposure and is addressed by vendor updates: ...
CVE-2012-1827
AutoFORM PDM Archive vulnerability CVE-2012-1827 affects versions prior to 7.1. The webservice lacks authorization, allowing remote authenticated users to interact with the application database via SOAP (notably initializeQueryDatabase2), bypassing normal permissions. This can lead to unauthorize...
CVE-2012-1829
Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM Archive before 6.920 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields...
CVE-2012-1827
The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request...
CVE-2012-3347
AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI, and then upload and execute arbitrary JSP code via a JBoss remote-deployment...
CVE-2012-3347
CVE-2012-3347 affects AutoFORM PDM Archive prior to 7.0. The issue arises from how user accounts are implemented, allowing authenticated remote users to access the JMX Console at /jmx-console and then upload/execute arbitrary JSP code via a JBoss remote-deployment mechanism. The description docum...