CVE-2020-11531

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...

PT-2022-27307 · Apache · Axis

Name of the Vulnerable Software and Affected Versions: Appalti & Contratti version 9.12.2 Description: An issue was discovered in the target web applications LFS and DL229, which expose a set of services provided by the Axis 1.4 instance. The Axis AdminService, normally accessible only by...