39 matches found
CVE-2025-13249
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
EUVD-2025-197726
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
CVE-2025-13249
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
CVE-2025-13249 Jiusi OA OfficeServer unrestricted upload
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
CVE-2025-13249 Jiusi OA OfficeServer unrestricted upload
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
PT-2025-47084
Name of the Vulnerable Software and Affected Versions Jiusi OA versions prior to 20251103 Description A security issue has been identified in Jiusi OA. The issue involves unrestricted upload capabilities through manipulation of the FileData argument within an unknown function of the...
Jiusi OA 代码问题漏洞
Jiusi OA is a collaborative office system from China Jiusi Jiusi. A code issue vulnerability exists in Jiusi OA 20251102 and prior versions, which stems from an incorrect manipulation of the parameter FileData in File/OfficeServer, which can lead to unlimited uploads...
EUVD-2025-28914
Malicious code in bioql PyPI...
openDCIM Cross-Site Scripting Vulnerability
openDCIM is openDCIM open source a data center inventory management DCIM application . openDCIM version 23.04 cross-site scripting vulnerability , the vulnerability stems from the file /scripts/uploadifive.php parameter Filedata on the user-supplied data lack of effective filtering and escaping ,...
CVE-2025-10253
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2025-10253 openDCIM SVG File uploadifive.php cross site scripting
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2025-10253 openDCIM SVG File uploadifive.php cross site scripting
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2025-10253
CVE-2025-10253 affects openDCIM 23.04; the vulnerable component is the SVG File Handler’s /scripts/uploadifive.php, where manipulation of the Filedata argument enables cross-site scripting. The issue is triggered remotely via user-controlled input, with exploit maturity noted as a proof-of-concep...
PT-2025-37185
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...
openDCIM 安全漏洞
openDCIM is openDCIM open source a data center inventory management DCIM application . openDCIM version 23.04 cross-site scripting vulnerability , the vulnerability stems from the file /scripts/uploadifive.php parameter Filedata on the user-supplied data lack of effective filtering and escaping ,...
AlmaLinux 8 : openldap (ALSA-2024:4264)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4264 advisory. openldap: null pointer dereference in bermemallocx function CVE-2023-2953 Tenable has extracted the preceding description block directly from the AlmaLinux securit...
CBL Mariner 2.0 Security Update: fcgi (CVE-2012-6687)
The version of fcgi installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2012-6687 advisory. - FastCGI aka fcgi and libfcgi 2.4.0 allows remote attackers to cause a denial of service segmentation fault and...
RHEL 7 : jose (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jose: Denial of service due to uncontrolled CPU consumption CVE-2023-50967 - jose: resource exhaustion...
VulnCheck KEV: CVE-2023-2648
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...
CVE-2023-3797
A vulnerability, which was classified as critical, was found in Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712. This affects an unknown part of the file /Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx. The manipulation of...