11 matches found
EUVD-2025-17464
Malicious code in bioql PyPI...
CVE-2025-5877
A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml...
CVE-2025-5877
A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml...
CVE-2025-5877 Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference
A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml...
CVE-2025-5877
The CVE-2025-5877 is a confirmed issue in Fengoffice Feng Office 3.2.2.1. It affects unknown functionality in /application/models/ApplicationDataObject.class.php within the Document Upload Handler, enabling an XML external entity reference. The vulnerability can be exploited remotely, and the exp...
CVE-2025-5877 Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference
A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml...
CVE-2025-5433 Fengoffice Feng Office index.php sql injection
A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=settimezone. The manipulation of the argument tzoffset leads to sql injection. The attack may be launched remotely. The...
CVE-2025-5433 Fengoffice Feng Office index.php sql injection
A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=settimezone. The manipulation of the argument tzoffset leads to sql injection. The attack may be launched remotely. The...
FengOffice 3.11.1.2 SQL Injection
Exploit Title: FengOffice - Blind SQL Injection Date: 06/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html Steps to Reproduce: 1. Login to application 2. Click on "Workspaces" 3. Copy full U...
FengOffice 1.7.4 Shell Upload
------------------------------------------------------------------------ Software................FengOffice 1.7.4 Vulnerability...........Arbitrary Upload Threat Level............Very Critical 5/5 Download................http://www.fengoffice.com Vendor Contact Date.....3/11/2011 Disclosure...
FengOffice 1.7.4 Cross Site Scripting
------------------------------------------------------------------------ --Description-- A reflected cross-site scripting vulnerability in FengOffice 1.7.4 can be exploited to execute arbitrary JavaScript. --PoC-- alert0" / alert0" /...