22 matches found
EUVD-2017-7141
Malware in sbrugna...
EUVD-2022-30041
Malicious code in bioql PyPI...
CVE-2022-25370
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user...
CVE-2022-25371
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12....
Cross site scripting
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user...
CVE-2022-25371
CVE-2022-25371 involves Apache OFBiz with the Birt plugin. A bug in Birt (Eclipse bug 538142) enables a remote code execution (RCE) attack in OFBiz 18.12.05 and earlier. The connected Red Hat/NVD entries confirm the RCE impact and affected version range. No details on a fixed/version upgrade are ...
CVE-2022-25371 Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12....
CVE-2022-25370 Unauth Stored XSS vulnerability in the Birt plugin of Apache OFBiz
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user...
CVE-2022-25370
Summary: CVE-2022-25370 affects Apache OFBiz versions 18.12.05 and earlier, due to a vulnerability in the Birt plugin (Birt issue 538142) that enables an unauthenticated stored XSS attack. The attack can inject and execute a payload via the stored XSS vector. Affected software/component: Apache O...
PT-2022-17248 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.05 Description: The issue allows an unauthenticated malicious user to perform a stored XSS attack, enabling the injection of a malicious payload that can be executed. This is made possible by leveraging a...
PT-2022-17249 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions 18.12.05 and earlier Description: The issue allows for a remote code execution (RCE) attack by leveraging a bug in the Birt project plugin used for data visualizations and reports. Recommendations: For Apache OFBiz version...
Apache OFBiz Code Injection Vulnerability
Apache OFBiz is an open source enterprise resource planning (ERP) system. A code injection vulnerability exists in the BIRT plugin in Apache OFBiz. The vulnerability arises because the plugin does not escape passed user input attributes. An attacker can perform code injection by passing via URL thi...
CVE-2017-15714
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "format=%27;alert%27xss%27" to the URL an alert window would execute...
Code injection
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "format=%27;alert%27xss%27" to the URL an alert window would execute...