ITPison OMICARD EDM Security Vulnerability
ITPison OMICARD EDM is a high-speed electronic newspaper EDM marketing distribution system developed by the Chinese company ITPison. ITPison OMICARD EDM has a security vulnerability that stems from insecure direct object references. This vulnerability could allow unauthorized remote attackers to...
EUVD-2024-44462
Malicious code in bioql PyPI...
CVE-2024-4894
ITPison OMICARD EDM fails to properly filter a specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information...
CVE-2024-4894 ITPison OMICARD EDM - Server-Side Request Forgery
ITPison OMICARD EDM fails to properly filter a specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information...
CVE-2024-4894
The CVE-2024-4894 entry concerns ITPison OMICARD EDM and describes an SSRF flaw caused by improper filtering of specific URL parameters. Unauthenticated remote attackers can modify parameters to trigger Server-Side Request Forgery, enabling probing of internal network information. Connected sourc...
CVE-2023-48373
ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
CVE-2023-48372
ITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...
Path traversal
ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
CVE-2023-48373 ITPison OMICARD EDM's SMS - Path Traversal
ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
CVE-2023-48372 ITPison OMICARD EDM's SMS - SQL Injection
ITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...
CVE-2023-48371
ITPison OMICARD EDM’s file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...
CVE-2023-48371 ITPison OMICARD EDM's SMS - Arbitrary File Upload
ITPison OMICARD EDM’s file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...
ITPison OMICARD EDM Path Traversal Vulnerability
ITPison OMICARD EDM is a high-speed newsletter EDM marketing and distribution system from China's ITPison. A path traversal vulnerability exists in ITPison OMICARD EDM v6.0.1.5, which originates from a path traversal on a specific page, and can be exploited by a remote attacker to bypass...
PT-2023-7872 · Unknown · Itpison Omicard Edm
Name of the Vulnerable Software and Affected Versions: ITPison OMICARD EDM (affected versions not specified)
Description: The file uploading function in ITPison OMICARD EDM does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this issue to uploa...
ITPison OMICARD EDM Code Issue Vulnerability
ITPison OMICARD EDM is a high-speed newsletter EDM marketing and distribution system from China-based ITPison. A code issue vulnerability exists in ITPison OMICARD EDM that stems from the file upload feature not restricting the upload of dangerous types of files...
ITPison OMICARD EDM Code Issue Vulnerability
ITPison OMICARD EDM is a high-speed newsletter EDM marketing and distribution system from the Chinese company ITPison. ITPison OMICARD EDM suffers from a code issue vulnerability that originates from an unrestricted dangerous type file upload vulnerability, which can be exploited by an attacker...