144 matches found
ecm-spezialist.de Cross Site Scripting vulnerability OBB-1327637
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
openSUSE Security Update : hylafax+ (openSUSE-2020-1209)
This update for hylafax+ fixes the following issues : Hylafax was updated to upstream version 7.0.3. Security issues fixed : - CVE-2020-15396: Secure temporary directory creation for faxsetup, faxaddmodem, and probemodem boo1173521. - CVE-2020-15397: Sourcing of files into binaries from user...
CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...
CVE-2020-13239
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS...
CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...
Design/Logic Flaw
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...
CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...
Cross site scripting
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS...
CVE-2020-13239
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS...
UBUNTU-CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...
CVE-2020-13239
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS...
CVE-2020-13239
Dolibarr 11.0.4 DMS/ECM module vulnerability: rendering of user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link enables stored XSS. Root cause is insufficient validation/handling of HTML attachments in Dolibarr’s DMS/ECM component. Report...
CVE-2020-13240
Dolibarr 11.0.4's DMS/ECM module is vulnerable: users with the 'Setup documents directories' permission can rename uploaded files to have insecure file extensions, bypassing the .noexe protection mechanism against XSS. This is a stored cross‑site scripting risk described across multiple sources (...
CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...
PT-2020-13389 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0.4 Description: The issue concerns the DMS/ECM module, which renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link, leading to a Cross-Site Scripting XSS...
Rockwell Automation E300 Overload Relay 193-ECM-ETR Motor Overload
Binary data 752367.prm...
Security Bulletin: FileNet CMIS (FNCMIS) leveraging Spring Framework is vulnerable to a denial of service caused by improper handling of range request by the ResourceHttpRequestHandler
Summary FileNet Content Management Interoperability Services CMIS, which ships with IBM Content Navigator, is affected by the following vulnerability: Spring Framework’s improper handling of ResourceHttpRequestHandler could result in denial of service condition. Vulnerability Details CVE-ID:...
Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition
Summary Enterprise Content Management System Monitor has addressed the following vulnerability in IBM® SDK Java™ Technology Edition. This issue was disclosed as part of the IBM® SDK Java™ Technology Edition Quarterly CPU - Oct 2018 - Includes Oracle Oct 2018 CPU. Vulnerability Details CVEID:...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Enterprise Content Management System Monitor
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and 8 used by Enterprise Content Management System Monitor. Enterprise Content Management System Monitor has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2018-1656 DESCRIPTION:The IBM Java...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Enterprise Content Management System Monitor
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version Java 6 and Java 7 used by Enterprise Content Management System Monitor. These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details CVEID: CVE-2016-5573 DESCRIPTION:...