48 matches found
CVE-2019-20153
An issue was discovered in Determine formerly Selectica Contract Lifecycle Management CLM in v5.4. An XML external entity XXE vulnerability in the upload definition feature in definitionuploadattach.jsp allows authenticated remote attackers to read arbitrary files including configuration files...
SUSE CVE-2024-52333
An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...
DEBIAN-CVE-2024-52333
An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...
[SECURITY] Fedora 40 Update: qt5-qtlocation-5.15.14-1.fc40
The Qt Location and Qt Positioning APIs gives developers the ability to determine a position by using a variety of possible sources, including satellite, or wifi, or text file, and so on...
CVE-2023-21316
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Atlassian Jira Server and Data Center has an unspecified vulnerability
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA, which is a security vulnerability that could be...
CVE-2019-20155
An issue was discovered in reportedit.jsp in Determine formerly Selectica Contract Lifecycle Management CLM v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server...
CVE-2019-20153
An issue was discovered in Determine formerly Selectica Contract Lifecycle Management CLM in v5.4. An XML external entity XXE vulnerability in the upload definition feature in definitionuploadattach.jsp allows authenticated remote attackers to read arbitrary files including configuration files...
CVE-2019-20154
An issue was discovered in Determine formerly Selectica Contract Lifecycle Management CLM v5.4. A cross-site scripting XSS vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML...
Code injection
An issue was discovered in reportedit.jsp in Determine formerly Selectica Contract Lifecycle Management CLM v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server...
Xxe
An issue was discovered in Determine formerly Selectica Contract Lifecycle Management CLM in v5.4. An XML external entity XXE vulnerability in the upload definition feature in definitionuploadattach.jsp allows authenticated remote attackers to read arbitrary files including configuration files...
Cross site scripting
An issue was discovered in Determine formerly Selectica Contract Lifecycle Management CLM v5.4. A cross-site scripting XSS vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML...
CVE-2019-20155
CVE-2019-20155 affects Determine CLM v5.4 (report_edit.jsp). The issue allows an authenticated user to cause Groovy code execution on the server during report generation, enabling arbitrary code execution. Affected component is the report generation flow in report_edit.jsp; root cause is code exe...
CVE-2019-20154
Determine Contract Lifecycle Management (CLM) v5.4 contains a Cross‑Site Scripting (XSS) vulnerability in multiple getchart.jsp parameters, enabling remote attackers to inject arbitrary web script or HTML. The affected component is CLM 5.4; root cause stems from inadequate input validation in get...
CVE-2019-20153
An issue was discovered in Determine formerly Selectica Contract Lifecycle Management CLM in v5.4. An XML external entity XXE vulnerability in the upload definition feature in definitionuploadattach.jsp allows authenticated remote attackers to read arbitrary files including configuration files...
CVE-2019-20153
CVE-2019-20153 concerns Determine Contract Lifecycle Management (CLM) v5.4, where an XML External Entity (XXE) flaw in the upload definition feature (definition_upload_attach.jsp) allows authenticated remote attackers to read arbitrary files, including configuration files with administrative cred...
Determine Contract Lifecycle Management Cross-Site Scripting Vulnerability
Determine Contract Lifecycle Management CLM is a suite of enterprise contract lifecycle management solutions from Determine Corporation. A cross-site scripting vulnerability exists in the getchart.jsp file in Determine CLM version 5.4, which stems from the lack of proper validation of client-side...
Determine Contract Lifecycle Management XML External Entity Injection Vulnerability
Determine Contract Lifecycle Management CLM is a suite of enterprise contract lifecycle management solutions from Determine Corporation. An XML external entity injection vulnerability exists in the definitionuploadattach.jsp file in Determine CLM version 5.4, which can be exploited by an attacker...
CVE-2018-11645
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977...
Linux Kernel - offset2lib Stack Clash Exploit
Exploit for linux platform in category local exploits / Linuxoffset2lib.c for CVE-2017-1000370 and CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free...