30 matches found
CVE-2018-1000635
The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an attacker gaining full administrative access to the server and may be able to disable it. This vulnerability appears to have been...
EUVD-2018-1968
Malware in sbrugna...
EUVD-2021-0158
Malware in sbrugna...
CVE-2021-21377
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL...
CVE-2018-1000633
The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in a user's password being revealed. An attacker can log in as that user. This attack appears to be exploitable vi...
scottishmicroscopygroup.org.uk Cross Site Scripting vulnerability OBB-3914406
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
OMERO.web cross-site scripting vulnerability
OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. A cross-site scripting vulnerability exists in omero-web that stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit...
CVE-2021-21376
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...
PYSEC-2021-31
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...
Information disclosure
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...
Input validation
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL...
CVE-2021-21377
Summary: CVE-2021-21377 affects OMERO.web up to version 5.9.0, where redirects after login or group context switch could be sent to untrusted external URLs due to missing URL validation. The vulnerability is mitigated in 5.9.0 by added URL validation; external URLs are rejected unless explicitly ...
CVE-2021-21376
CVE-2021-21376 affects OMERO.web (Django-based web interface for OMERO). The vulnerability arises because before version 5.9.0, the main webclient pages load and expose various information about the current user (e.g., user id, name, and group memberships). Some additional loaded information is n...
OMERO.web input validation error vulnerability
OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. A security vulnerability exists in OMERO.web that allows redirection to untrusted sites...
OMERO.web information disclosure vulnerability
OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. An information disclosure vulnerability exists in OMERO.web that stems from the exposure of page information...
OMERO.server information disclosure vulnerability (CNVD-2021-20273)
OMERO.server is an image server from the Open Microscopy Environment team. A security vulnerability exists in OMERO.server versions prior to 5.6.1. An attacker could exploit this vulnerability to obtain per-user details...
CVE-2019-9944
In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames...
Design/Logic Flaw
In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames...
CVE-2019-9943
In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled...
CVE-2019-9943
Affected software: Open Microscopy Environment OMERO.server 5.1.0–5.6.0. Vulnerability: permissions on OMERO model objects may be circumvented during operations such as move and delete due to mishandled group permissions. Root cause (as described): group permissions mishandling leads to permission...