15 matches found
CVE-2022-45326
An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...
CVE-2022-45326
An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...
Design/Logic Flaw
An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...
CVE-2022-45326
An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...
CVE-2022-45326
An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...
CVE-2022-45326
CVE-2022-45326 affects Kwoksys Kwok Information Server — vulnerable component: XML processing (XXE) leading to server-side request forgery (SSRF). Affected: versions before 2.9.5.SP31; root cause is an XML external entity vulnerability. Impact as described: remote authenticated users can trigger ...
PT-2022-27466 · Kwoksys · Kwok Information Server
Name of the Vulnerable Software and Affected Versions: Kwoksys Kwok Information Server versions prior to 2.9.5.SP31 Description: An XML external entity XXE injection issue allows remote authenticated users to conduct server-side request forgery SSRF attacks. This enables attackers to manipulate t...
CVE-2013-5028
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the 1 hardwareType, 2 hardwareStatus, or 3 hardwareLocation parameter in a search command...
Sql injection
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the 1 hardwareType, 2 hardwareStatus, or 3 hardwareLocation parameter in a search command...
CVE-2013-5028
Kwoksys Kwok Information Server vulnerable to SQL injection in IT/hardware-list.dll (versions before 2.8.5). Affected component is the search command handling (hardwareType, hardwareStatus, hardwareLocation) with remote-authenticated access leading to arbitrary SQL execution. Root cause is improp...
CVE-2013-5028
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the 1 hardwareType, 2 hardwareStatus, or 3 hardwareLocation parameter in a search command...
Kwok Information Server 2.7.3 / 2.8.4 SQL Injection Vulnerability
Kwok Information Server versions 2.7.3 and 2.8.4 suffer from a remote blind SQL injection vulnerability. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Kwok Information Server Blind Sql Injection || || Affected Version : 2.7.3 & 2.8.4 || || Vendor :...
Kwok Information Server 2.7.3 / 2.8.4 SQL Injection
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Kwok Information Server Blind Sql Injection || || Affected Version : 2.7.3 & 2.8.4 || || Vendor : http://www.kwoksys.com/index.php || || Risk : Medium || || CVE-ID : 2013-5028 || || Tested on Platform : Windows...
Kwok Information Server - Multiple SQL Injections
Kwok Information Server - Multiple SQL Injections source: https://www.securityfocus.com/bid/61728/info Kwok Information Server is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may...
Kwok Information Server - Multiple SQL Injections
source: https://www.securityfocus.com/bid/61728/info Kwok Information Server is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application,...