OpenEMR Directory Traversal Vulnerability (CNVD-2019-10150)
OpenEMR is medical practice management software that also supports electronic medical records (EMR). A directory traversal vulnerability exists in portal/importtemplate.php in OpenEMR versions prior to 5.0.1.4, which can be exploited by a remote attacker to read arbitrary files via the "docid"...
OpenEMR Directory Traversal Vulnerability
OpenEMR is medical practice management software that also supports electronic medical records (EMR). A directory traversal vulnerability exists in portal/importtemplate.php in OpenEMR versions prior to 5.0.1.4, which can be exploited by remote attackers to execute arbitrary PHP code via the "doci...
OpenEMR Directory Traversal Vulnerability (CNVD-2019-10153)
OpenEMR is medical practice management software that also supports electronic medical records (EMR). A directory traversal vulnerability exists in portal/importtemplate.php in versions of OpenEMR prior to 5.0.1.4, which can be exploited by a remote attacker to delete arbitrary files with the help...
Directory traversal
Directory traversal in portal/importtemplate.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed...
Foxit Reader Type Obfuscation Remote Code Execution Vulnerability (CNVD-2018-15069)
Foxit Reader (formerly Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. It is free to use and runs mainly on Microsoft Windows, and as long as there is a Win32 implementation of the...
Foxit Reader Type Obfuscation Remote Code Execution Vulnerability (CNVD-2018-15070)
Foxit Reader (formerly Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. It is free to use and runs mainly on Microsoft Windows, and as long as there is a Win32 implementation of the...
CVE-2018-14264
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Universal Password Login Vulnerability in Tatsui Import Preamplifier System
Shanghai Chenrui Information Technology Company is a wholly-owned subsidiary of the Third Research Institute of the Ministry of Public Security. With information security as its main business direction, Chenrui is mainly engaged in the development and integration of products in computer network...
S2-016 Command Execution Vulnerability in Skywalker Secure One-Way Import System
Tianxing Security One-way Import System is a network security product of Beijing Tianxing Net Security Information Technology Co., Ltd. for one-way data transmission across security domains. The product consists of an importing preamplifier (PAS) and an importing server (IAS), which can provide a...
Weak Password Vulnerability in Tianxing Security One-way Import System Database
Tianxing Security One-way Import System is a network security product of Beijing Tianxing Net Security Information Technology Co., Ltd. for one-way data transmission across security domains. The product consists of an importing preamplifier (PAS) and an importing server (IAS), which can provide a...
CVE-2018-14364
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component...
Directory traversal
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component...
CVE-2018-14364
Removed by vendor...
CVE-2018-2978
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8, 2.9 and 2.10. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracl...
Microsoft Enhanced Mitigation Experience Toolkit (EMET) XML External Entity Injection Vulnerability
Microsoft Enhanced Mitigation Experience Toolkit is a security tool introduced in response to vulnerabilities. It protects users from attacks even when patches are not installed, through technologies such as Data Execution Prevention (DEP), Structured Exception Handler Overwrite Protection (SEHOP), an...
GitLab -- Remote Code Execution Vulnerability in GitLab Projects Import
GitLab reports: Remote Code Execution Vulnerability in GitLab Projects Import...
Design/Logic Flaw
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed...
CVE-2017-15137
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed...