20 matches found
NCBI ToolBox - Directory Traversal
NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files i.e., significant information disclosure or file deletion via the nph-viewgif.cgi query string. id: CVE-2018-16716 info: name: NCBI ToolBox -...
EUVD-2018-8519
Malware in sbrugna...
EUVD-2018-8518
Malware in sbrugna...
de.julielab:julielab-concept-creation-bioportal (>=1.2.0 <=1.3.1), de.julielab:julielab-concept-creation-famplex (>=1.2.0 <=1.3.1) +6 more potentially affected by CVE-2022-37423 via org.neo4j.procedure:apoc (>=4.4.0.16 <=4.4.0.2)
org.neo4j.procedure:apoc MAVEN version =4.4.0.16, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.3.1 - org.jqassistant.plugin:jqassistant-apoc-plugin =2.0.0 Source cves: CVE-2022-37423 Source advisory: OSV:GHSA-78F9-745F-278P...
All Vulnerabilities for dtd.wip.ncbi.nlm.nih.gov Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: dtd.wip.ncbi.nlm.nih.gov; Open B...
ncbi.nlm.nih.gov Cross Site Scripting vulnerability OBB-1459143
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2018-16716
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files i.e., significant information disclosure or file deletion via the nph-viewgif.cgi query string...
Cross site scripting
An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument...
CVE-2018-16718
An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument...
Heap overflow
A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox...
CVE-2018-16717
A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox...
Path traversal
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files i.e., significant information disclosure or file deletion via the nph-viewgif.cgi query string...
CVE-2018-16718
An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument...
CVE-2018-16718
The CVE-2018-16718 entry describes an XSS vulnerability in the NCBI ToolBox component wwwblast.c for legacy versions 2.0.7–2.2.26, exploitable via a crafted -z1 argument. The affected code path and exact root cause are not elaborated in the provided documents beyond stating XSS exists. No explici...
CVE-2018-16717
The CVE-2018-16717 entry concerns a heap-based buffer overflow in nph-viewgif.cgi within legacy NCBI ToolBox versions 2.0.7–2.2.26. Public records cite a critical impact (CVSSv3 base score 9.8) with network attack vector and no authentication, indicating a high-risk condition that could lead to c...
CVE-2018-16717
A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox...
CVE-2018-16716
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files i.e., significant information disclosure or file deletion via the nph-viewgif.cgi query string...
CVE-2018-16716
Summary of CVE-2018-16716 Affected software: NCBI ToolBox legacy versions 2.0.7 through 2.2.26. Vulnerability: Path traversal via viewcgi.cgi (and potential file deletion via nph-viewgif.cgi), enabling reading of arbitrary server files and significant information disclosure. Root cause (per sourc...
support.ncbi.nlm.nih.gov XSS vulnerability
Vulnerable URL: https://support.ncbi.nlm.nih.gov/ics/support/KBResult.asp?searchFor=%3E%27%3E%22%3Es%3Ci%3Ei%3Cimg+src%3Dx+onerror%3Dprompt%28%2Fopenbugbounty%2F%29%3E=1 Details: Patched: No; Latest check for patch: 31.07.2017; Vulnerability type: XSS Vulnerability...
Tripal BLAST UI - Highly Critical - Remote Code Execution - SA-CONTRIB-2016-054
This module enables you to run NCBI BLAST jobs on the host system. The module doesn't sufficiently validate advanced options available to users submitting BLAST jobs, thereby exposing the ability to enter a short snippet of shell code that will be executed when the BLAST job is run. This...