37 matches found
EUVD-2008-4926
Malware in sbrugna...
EUVD-2005-3340
Malware in sbrugna...
EUVD-2022-45058
Malicious code in bioql PyPI...
EUVD-2022-45057
Malicious code in bioql PyPI...
CVE-2022-41947
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...
DHIS 2 Security Vulnerability
DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. A security vulnerability exists in DHIS 2 Core versions prior to 2.36.13, prior to 2.37.8, and prior to 2.38.2, which stems from the fact that users may be able to...
DHIS 2 Security Vulnerability
DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. A security vulnerability exists in DHIS 2 versions prior to 2.37.9.1, prior to 2.38.3.1, and prior to 2.39.1.2, which stems from the use of object model traversal ...
CVE-2022-41947
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...
CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...
CVE-2022-41947
CVE-2022-41947 describes a cross-site scripting (XSS) vulnerability in DHIS 2 core where an authenticated user can upload a file containing embedded JavaScript, which could be triggered when another authenticated user opens the file in a browser. Affected versions are DHIS 2 prior to 2.36.12.1, 2...
CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...
CVE-2022-41948
CVE-2022-41948 describes a privilege-escalation in DHIS 2 core where a user with authority to manage users can self-assign superuser privileges by crafting an HTTP PUT request. The root cause is improper handling of user-management authority that allows self-elevation if the attacker is authentic...
CVE-2022-41949 Semi-blind Server-Side Request Forgery in dhis2-core
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources like third party servers. This could allow...
PT-2022-26176 · Dhis2 · Dhis2
Name of the Vulnerable Software and Affected Versions: DHIS 2 versions prior to 2.36.12.1; DHIS 2 versions prior to 2.37.8.1; DHIS 2 versions prior to 2.38.2.1; DHIS 2 versions prior to 2.39.0.1. Description: DHIS 2 is an open source information system for data capture, management, validation,...
DHIS 2 Cross-Site Scripting Vulnerability
DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. A cross-site scripting vulnerability exists in DHIS 2 core versions 2.35, 2.36, 2.37, 2.38, 2.39, which arises from various features of DHIS 2 that allow an...
CVE-2021-39179
CVE-2021-39179 concerns DHIS2 Tracker API SQL injection affecting authenticated users. Provided documents (NVD, Red Hat RH, OSV, CVE lists) describe a SQL injection in the Tracker component that can be triggered via POST paths /api/trackedEntityInstances and /api/trackedEntityInstances/query, imp...
DHIS 2 SQL Injection Vulnerability
DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. DHIS 2 suffers from a SQL injection vulnerability that stems from the lack of effective filtering and escaping of user-submitted SQL input parameters in the Tracke...
SQL injection
DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2,...
DHIS 2 SQL Injection Vulnerability
DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. A SQL injection vulnerability exists in dhis2 DHIS 2. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor...
DEBIAN-CVE-2008-4947
dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file...