20 matches found
CVE-2019-11880
CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2...
EUVD-2019-3539
Malware in sbrugna...
EUVD-2017-1608
Malware in sbrugna...
CVE-2017-1000496
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code...
CVE-2019-11880
CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2...
CVE-2019-11880
CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2...
Sql injection
CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2...
CVE-2019-11880
CVE-2019-11880 affects CommSy
CVE-2019-11880
CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2...
CommSy SQL Injection Vulnerability
Commsy is a Web-based, open source community system for project management. A SQL injection vulnerability exists in CommSy version 8.6.5. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerabili...
CommSy 8.6.5 - SQL injection
CommSy 8.6.5 - SQL injection Title: ====== CommSy 8.6.5 - SQL injection Researcher: =========== Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2019-11880 Timeline: ========= 2019-04-15 Vulnerability discovered 2019-04-15 Asked for security contact and PGP key 2019-04-...
CommSy 8.6.5 - SQL injection
Title: ====== CommSy 8.6.5 - SQL injection Researcher: =========== Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2019-11880 Timeline: ========= 2019-04-15 Vulnerability discovered 2019-04-15 Asked for security contact and PGP key 2019-04-16 Send details to the vendor...
CommSy 8.6.5 - SQL injection Vulnerability
Exploit for php platform in category web applications Title: ====== CommSy 8.6.5 - SQL injection Researcher: =========== Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2019-11880 Timeline: ========= 2019-04-15 Vulnerability discovered 2019-04-15 Asked for security...
CommSy 8.6.5 SQL Injection
Title: ====== CommSy 8.6.5 - SQL injection Researcher: =========== Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2019-11880 Timeline: ========= 2019-04-15 Vulnerability discovered 2019-04-15 Asked for security contact and PGP key 2019-04-16 Send details to the vendor...
Commsy XXE Attack Vulnerability
Commsy is a Web-based, open source community system for project management. A security vulnerability exists in the configuration import feature in Commsy version 9.0.0. A remote attacker could exploit the vulnerability to cause a denial of service and possibly execute code...
CVE-2017-1000496
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code...
CVE-2017-1000496
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code...
Code injection
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code...
CVE-2017-1000496
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code...
CVE-2017-1000496
Commsy 9.0.0 is vulnerable to XXE attacks via the configuration import feature, causing denial of service and possibly remote code execution. Root cause described as an XXE issue in the import workflow. The connected documents confirm the affected product/version and impact but do not provide exp...