18 matches found
EUVD-2022-29297
Malicious code in bioql PyPI...
EUVD-2022-29298
Malicious code in bioql PyPI...
CVE-2022-24405
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API...
CVE-2022-24406
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls...
CVE-2022-24406
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls...
CVE-2022-24406
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls...
CVE-2022-24405
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API...
CVE-2022-24406
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls...
CVE-2022-24405
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API...
SQL injection
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls...
Command injection
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API...
CVE-2022-24406
OX App Suite (Open-Xchange) up to version 7.10.6 is affected by an SSRF flaw where predictable multipart/form-data boundaries allow an attacker to inject into internal Documentconverter API calls. This can enable manipulation of internal API parameters and potentially compromise internal componen...
CVE-2022-24405
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API...
CVE-2022-24405
OX App Suite (Open-Xchange) vulnerable through 7.10.6: OS command injection via a serialized Java class in the Documentconverter API. Affected versions are 7.10.6 and earlier; exploitation occurs when a Java-serialized object is processed by the documentconverter endpoint, enabling command execut...
PT-2022-16675 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier. Description: The issue allows OS Command Injection via a serialized Java class to the "Documentconverter API" endpoint. This enables potential attackers to execute system commands. No information is...
PT-2022-16676 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier. Description: The issue allows for Server-Side Request Forgery (SSRF) due to predictable multipart/form-data boundaries, which can lead to injection into internal Documentconverter API calls...
Open-Xchange OX App Suite operating system command injection vulnerability
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An operating system command injection vulnerability exists in Open-Xchange OX App Suite versions 7.10.6 and below, which stems from a compatibility layer of the documentconverter API that can b...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Open-Xchange OX AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, a...