7 matches found
EUVD-2024-1257
Malicious code in bioql PyPI...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal when routing requests to a backend using a PathPrefix, Path, or PathRegex matcher. An attacker can bypass the middleware chain to access backend services by including traversal sequences like /../ in a request. Detai...
CVE-2023-46887
In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability...
CVE-2017-9654
The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N...
CVE-2017-9654
The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N...
Code Execution Vulnerability in Ocean CMS
Ocean Movie System, aka Ocean CMS (seacms), is a PHP movie system. Ocean CMS has a code execution vulnerability because the system fails to strictly filter written files. Attackers can use CSRF to write code into the backend files, and then get the site management...
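Directory traversal in a Yonyou system exposes a large amount of sensitive information, plus unauthorized access to the backend
Brief description: Directory traversal in a Yonyou system exposes a large amount of sensitive information, plus unauthorized access to the backend. Details: Bidding system http://buy.ufida.com.cn/File/ http://buy.ufida.com.cn/images/ A large number of personal résumés, bid documents, contracts, and so on. Proof of vulnerability: http://buy.ufida.com.cn/Web/ http://buy.ufida.com.cn/Web/BDMS/SystemStatistics.aspx img...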