19 matches found
The vulnerability of the `com.ilient.agentApi.LshwAgent#doPost` method in the SysAid hardware and software support and control automation software allows attackers to perform XXE attacks.
The vulnerability of the `com.ilient.agentApi.LshwAgent#doPost` method in SysAid’s automation software for supporting and controlling hardware and software systems is related to improper restriction of XML external entity references during the processing of the /lshw endpoint. Exploiting this...
CVE-2025-4838
Vulnerability overview (CVE-2025-4838): Affected product: kanwangzjm Funiture (up to commit 71ca0fb0658b3d839d9e049ac36429207f05329b). The issue is in the Login component, specifically the LoginServlet.java file and its doPost function. The argument ret can be manipulated to induce an open redire...
The vulnerability of the software for automation of support and control of hardware and software systems from SysAid allows a perpetrator to execute arbitrary code.
The vulnerability of the doPost method in the UserEntry class of the com.ilient.server package in the SysAid software for hardware and software support and control involves the possibility of path traversal. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading...
CVE-2023-50565
A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-50565
A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
PT-2023-31589 · Rpcms · Rpcms
Name of the Vulnerable Software and Affected Versions: RPCMS version 3.5.5. Description: A cross-site scripting (XSS) issue in the component "/logs/dopost.html" allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For RPCMS version 3.5.5, consider disabli...
RPCMS Cross-Site Scripting Vulnerability
RPCMS is a software application, a web CMS system. A cross-site scripting vulnerability exists in RPCMS v3.5.5, which stems from the lack of effective filtering and escaping of user-supplied data in the component /logs/dopost.html, and can be exploited by an attacker to execute arbitrary Web scri...
The vulnerability of the doPost method in the UserEntry class of the com.ilient.server package in the SysAid software for hardware and software support and control allows a perpetrator to execute arbitrary code.
The vulnerability of the doPost method in the UserEntry class of the com.ilient.server package in the SysAid software for hardware and software support and control involves the possibility of path traversal. Exploiting this vulnerability could allow an attacker to execute arbitrary code by loadin...
PT-2023-6781
Name of the Vulnerable Software and Affected Versions: SysAid On-Premise versions prior to 23.3.36. Description: A path traversal vulnerability in SysAid On-Premise software leads to code execution after an attacker writes a file to the Tomcat webroot. This issue has been exploited in the wild, with...
Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite
Active Exploitation of Zimbra CVE-2022-37042 RCE Unauthent...
CVE-2022-36583
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/codo.php via the dopost, rpok, and aid parameters...
CVE-2022-36583
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/codo.php via the dopost, rpok, and aid parameters...
DedeCMS Cross-Site Scripting Vulnerability
DedeCMS (织梦内容管理系统) is a PHP-based open source content management system (CMS) from China's Zhuo Zhuo Network Desdev. The system features content publishing, content management, content editing and content retrieval. A security vulnerability exists in DedeCMS version V5.7.97, which was discovered to...
The vulnerability of the doPost method in the Rtrlet class of the ZENworks Configuration Management information system allows a perpetrator to load and execute arbitrary files.
The vulnerability of the GetReRequestData method in the GetStoredResult class of the ZENworks Configuration Management information system is related to the failure to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using...
The vulnerability of the doPost method in the Rtrlet class of the ZENworks Configuration Management information system allows a perpetrator to load and execute arbitrary files.
The vulnerability of the doPost method in the Rtrlet class of the ZENworks Configuration Management software lies in the deficiencies in path name restriction. Exploiting this vulnerability allows a malicious actor to download and execute arbitrary files using unspecified vectors...
Novell ZENworks 'doPost' Method Remote Code Execution Vulnerability
Novell ZENworks is a suite of software that supports automated IT management and business process management across resources within an organization. The 'doPost' method in the Rtrlet class of Novell ZENworks fails to adequately filter the path of an uploaded file, allowing remote attackers to...
BuildEdgeIndexServlet XSRF
The BuildEdgeIndexServlet is responsible for rebuilding the edge index. As this is a servlet and not a Webwork action, XSRF checks must be implemented programmatically. The Servlet does not currently implement any XSRF token checks, meaning the edge index can be forced to be rebuilt when attacked...
Information disclosure
MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in...
CVE-2007-3275
MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in...