25 matches found
CVE-2022-47875
A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code...
Remote code execution
A Remote Code Execution RCE vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods...
Information disclosure
An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function...
CVE-2022-47880
An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function...
CVE-2022-47880
The CVE-2022-47880 vulnerability affects Jedox implementations exposing /be/rpc.php (test connection) and allows remote, authenticated users with permission to modify database connections to disclose cleartext passwords. The issue is demonstrated in Jedox versions such as 2020.2.5 and is also cit...
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Vulnerability
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47878 Introduction...
Jedox 2020.2.5 Cross Site Scripting
Exploit Title: Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47877 Introduction...
Jedox 2020.2.5 Groovy-Scripts Remote Code Execution
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts Date: 28/04/2023 Exploit Author: Syslifters - Christoph Mahrl, Aron Molnar, Patrick Pirker and Michael Wedl Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47876 Introducti...
Jedox 2020.2.5 Database Credential Disclosure
Exploit Title: Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE :...
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Vulnerability
Exploit Title: Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47877 Introduction ================= A...
Jedox 2020.2.5 Configurable Storage Path Remote Code Execution
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47878...
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts Vulnerability
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts Exploit Author: Syslifters - Christoph Mahrl, Aron Molnar, Patrick Pirker and Michael Wedl Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47876 Introduction...
CVE-2022-47874
Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'...
CVE-2022-47875
A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code...
CVE-2022-47876
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts...
CVE-2022-47878
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability...
Input validation
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code...
Cross site scripting
A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'...
Directory traversal
A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code...
CVE-2022-47874
Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'...