243 matches found
REDCap SQL注入漏洞
REDCap is a data collection and management web application. A security vulnerability exists in REDCap version 12.0.26 LTS and version 12.3.2 Standard, which stems from a SQL injection vulnerability at multiple function points...
libcap 输入验证错误漏洞
libcap is a package of network data capture functions from the individual developer Michael Kerrisk. A security vulnerability exists in libcap, which stems from an integer overflow that can occur if the input string is close to 4GiB...
Exploit for Cross-site Scripting in Teampass
CVE-2023-2591: Stored HTML Injection in Item Label in Teampass...
CVE-2023-32060
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker...
CVE-2023-31138
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...
Design/Logic Flaw
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...
CVE-2023-32060
CVE-2023-32060 affects DHIS2 Core from the 2.35 branch prior to fixes: versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0. The issue is an improper access control for Category Option Combination Sharing that can cause the API endpoints /trackedEntityInstances and /events to return all events regardless...
CVE-2023-32060 DHIS2 Core Improper Access Control with Category Option Combination sharing in /api/trackedEntityInstance and /api/events
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker...
CVE-2023-31139
DHIS2 Core contains the service layer and Web API. The issue arises in versions prior to 2.37.9.1, 2.38.3.1, and 2.39.1.2, where Personal Access Tokens (PATs) generate unrestricted session cookies, potentially bypassing other access controls (e.g., IP restrictions or HTTP methods). Impact is a by...
CVE-2023-31138 DHIS2 Core vulnerable to Improper Access Control with PATCH requests
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...
CVE-2023-31138
CVE-2023-31138 affects DHIS2 Core: starting in the 2.36 branch and before 2.37.9.1, 2.38.3.1, or 2.39.1.2, authenticated users with write access to an object may modify related objects via object model traversal in a PATCH payload. Mitigation is to upgrade to a supported version: 2.37.9.1, 2.38.3...
teampass vulnerable to code injection
In nilsteampassnet/teampass prior to 3.0.7, if two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a for...
Stored HTML Injection in Item Label
Description If two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a form. Proof of Concept...
The vulnerability of the Forms component in the Oracle Clinical Remote Data Capture system allows a intruder to disclose protected information.
The vulnerability of the Forms component in the Oracle Clinical Remote Data Capture system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to disclose protected information remotely...
CVE-2023-21993
Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications component: Forms. The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical...
CVE-2023-21993
Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications component: Forms. The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical...
Buffer overflow
Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications component: Forms. The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical...
CVE-2023-21993
CVE-2023-21993 affects Oracle Clinical Remote Data Capture (Oracle Health Sciences Applications), component Forms, with vulnerable version 5.4.0.2. The issue is a network-accessible, low-privilege flaw that can lead to unauthorized data access (CVSS v3.1 base score 6.5, Confidentiality impact). P...
Oracle Health Sciences Applications 安全漏洞
Oracle Health Sciences Applications is a suite of clinical development solutions for the healthcare industry from Oracle Corporation. A security vulnerability exists in Oracle Clinical Remote Data Capture version 5.4.0.2 for Oracle Health Sciences Applications. An attacker could exploit the...
Acuant AcuFill SDK 代码问题漏洞
Acuant AcuFill SDK is a data capture technology from the American company Acuant. All major data fields can be extracted from documents. A security vulnerability exists in Acuant AcuFill SDK. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the...