13 matches found
EUVD-2014-3628
Malware in sbrugna...
EUVD-2022-2850
Malicious code in bioql PyPI...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
Design/Logic Flaw
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
PT-2023-8583 · Ilias · Ilias
Name of the Vulnerable Software and Affected Versions: ILIAS versions prior to 7.23; ILIAS versions 8 prior to 8.3. Description: The issue is related to insufficient input validation in the workflow-engine of ILIAS, allowing remote authenticated users to execute arbitrary system commands on the...
Improper Input Validation in Drools and jBPM
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file...
Security Bulletin: XXE Vulnerability in Drools Affects IBM Sterling B2B Integrator (CVE-2014-8125)
Summary: IBM Sterling B2B Integrator has addressed the security vulnerability. Vulnerability Details: CVEID: CVE-2014-8125. DESCRIPTION: Drools and jBPM could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error within the jBPM runtime. By...
XXE
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file...
CVE-2014-8125
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file...
CVE-2014-8125
CVE-2014-8125 is an XXE vulnerability in Drools and jBPM that, before version 6.2.0, allows remote attackers to read arbitrary files via a crafted BPMN2 file. Affected: Drools/jBPM runtimes; root cause: XML External Entity processing in BPMN2 handling. Impact per sources: potential file disclosur...
CVE-2014-3682
XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file...
XXE
XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file...
CVE-2014-3682
XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file...