36 matches found
Nuxeo <10.3 - Remote Code Execution
Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection. id: CVE-2018-16341 info: name: Nuxeo 10.3 - Remote Code Execution author: madrobot severity: high description: | Nuxeo prior to version 10.3 is susceptible to a...
EUVD-2013-4380
Malware in sbrugna...
EUVD-2017-14945
Malware in sbrugna...
EUVD-2023-0583
Malicious code in bioql PyPI...
CVE-2021-32828
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS. This XSS can be escalated to Remote Code Execution RCE by levering the automation API...
Security Bulletin: IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system [CVE-2013-4521, CVE-2013-2165 and CVE-2018-14667]
Summary IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system CVE-2013-4521. IBM Security Verify Governance is vulnerable to remote attacks caused by an error related to the handling of deserialization CVE-2013-2165. IBM Security Verify Governance ...
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS. This XSS can be escalated to Remote Code Execution RCE by levering the automation API...
GHSA-X347-FC9W-W7C3 Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS. This XSS can be escalated to Remote Code Execution RCE by levering the automation API...
CVE-2021-32828
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS. This XSS can be escalated to Remote Code Execution RCE by levering the automation API...
CVE-2021-32828
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS. This XSS can be escalated to Remote Code Execution RCE by levering the automation API...
Cross site scripting
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS. This XSS can be escalated to Remote Code Execution RCE by levering the automation API...
CVE-2021-32828
The CVE-2021-32828 entry affects Nuxeo Platform 11.5.109, where the oauth2 REST API is vulnerable to Reflected XSS, which can be escalated to Remote Code Execution (RCE) via the automation API. The available connected documents confirm the affected software/component and the root cause/impact. Re...
PT-2023-12175 · Nuxeo · Nuxeo Platform
Name of the Vulnerable Software and Affected Versions: Nuxeo Platform version 11.5.109 Description: The Nuxeo Platform is an open source content management platform for building business applications. In the affected version, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS...
CVE-2021-32828 Regular expression Denial of Service in MooTools
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS. This XSS can be escalated to Remote Code Execution RCE by levering the automation API...
Nuxeo 跨站脚本漏洞
Nuxeo is an open source, customizable and extensible content management platform from Nuxeo Open Source. It is used to build business applications. A cross-site scripting vulnerability exists in Nuxeo version 11.5.109, which stems from the fact that an attacker can implement reflective cross-site...
CVE-2021-32828 Regular expression Denial of Service in MooTools
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS. This XSS can be escalated to Remote Code Execution RCE by levering the automation API...
CVE-2013-4521
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-216...
Deserialization of untrusted data
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-216...
CVE-2013-4521
CVE-2013-4521 affects the RichFaces deserialization path in Nuxeo Platform (versions 5.6.0 before HF27 and 5.8.0 before HF-01). The vulnerability arises because the implementation does not restrict which classes’ deserialization methods can be called, enabling a remote attacker to execute arbitra...
CVE-2013-4521
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-216...