229 matches found
Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-06018)
Beijing Yisaitong Science and Technology Development Limited Liability Company is a company whose business scope includes general items: technical services, technology development, technology consulting, technology exchanges, technology transfer and so on. There is a command execution vulnerabili...
Arbitrary File Download Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-05347)
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
Data Exfiltration Using Indirect Prompt Injection
Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a...
SQL Injection Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03265)
Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A SQL injection vulnerability exists in the Yisetong electronic document security management system, which can be exploited by attackers to obta...
Command Execution Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03256)
Beijing Yisaitong Science and Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the Yisetong Electronic Document Security Management System, which can be exploited by a...
Command Execution Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03028)
Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the Yisetong Electronic Document Security Management System, which can be exploited by an attacker t...
SQL Injection Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2024-00987)
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
CVE-2023-48241
XWiki Platform contains an information-disclosure flaw in the Solr-based search suggestion service. From CVE-2023-48241 and connected data, the vulnerability affects XWiki Platform versions starting at 6.3-milestone-2 up to but not including fixed releases: 14.10.15, 15.5.1, and 15.6RC1. The Solr...
Logic Flaw Vulnerability in Isthmus Electronic Document Security Management System
Yisetong Electronic Document Security Management System CDG for short is an electronic document security encryption software, which utilizes the driver layer transparent encryption technology to prevent internal employees from leaking secrets and outsiders from illegally stealing the core importa...
Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2023-99981)
Ltd. is a leading provider of Data Leakage Protection DLP products, solutions and security services in China. A command execution vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co., Ltd. that can be exploited by an attacker to...
CVE-2023-46666
An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the...
CVE-2023-37910 org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document can be the use...
Logic flaw vulnerability in the electronic document security management system of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2023-96198)
Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. The electronic document security management system of Beijing Yisetong Technology Development Co., Ltd. has a logic flaw vulnerability, which can...
Information leakage vulnerability in the electronic document security management system of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2023-86622)
Beijing Yisetong Technology Development Co., Ltd. is a leading data security business provider in China. An information leakage vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co., Ltd, which can be exploited by attackers to...
Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2023-002)
The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2LIBREOFFICE-2023-002 advisory. LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on vario...
CVE-2023-22062
...
The vulnerability of the OpenSearch software package, related to incorrect authorization, allows a perpetrator to introduce incorrect access authorization.
The vulnerability of the OpenSearch software package is related to the implementation of detailed access control rules document level security, field level security, and field masking. These rules were incorrectly applied to queries under rare execution conditions. Exploiting this vulnerability c...
CVE-2023-34958
CVE-2023-34958 concerns Chamilo LMS versions 1.11.* up to 1.11.18. The vulnerability is described as an inadequate access control that allows a student enrolled in a course to download documents belonging to another student if they know the document’s ID. This is an information disclosure issue r...
Remote Code Execution Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co.
Electronic document security management system referred to as: CDG is an electronic document security protection software, the system utilizes the driver layer transparent encryption technology, through the encryption and protection of electronic documents, to prevent the internal staff leakage a...
XSS in Seo & Settings tab of Documents in pimcore/pimcore
Description pimcore is vulnerable to XSS at Title field in SEO & Settings tab of Document. Proof of Concept 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In Documents, go to home - click on SEO & Settings icon to go to this tab. 3.In the SEO & Setting tab, input the payload " into the Titl...