27 matches found
EUVD-2022-1543
Malicious code in bioql PyPI...
EUVD-2023-57358
Malicious code in bioql PyPI...
CVE-2023-5012
A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requiremen...
CVE-2023-5012
A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requiremen...
Design/Logic Flaw
A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requiremen...
CVE-2023-5012 Topaz OFD Protection Module Warsaw core.exe unquoted search path
A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requiremen...
CVE-2023-5012
The CVE-2023-5012 issue affects Topaz OFD version 2.11.0.201, specifically the Warsaw Protection Module core.exe component located under C:\Program Files\Topaz OFD\Warsaw\core.exe. The root cause is an unquoted search path, enabling local attacker access. There is no indication of remote exploita...
Topaz Labs OFD Code Issue Vulnerability
Topaz Labs OFD is an application from Topaz Labs, Inc. A code issue vulnerability exists in Topaz Labs OFD version 2.11.0.201, which stems from an unknown section of the C:Program FilesTopaz OFDWarsawcore.exe file in the component Protection Module Warsaw, resulting in an unquoted search path...
PT-2023-31479 · Topaz Ofd · Topaz Ofd
Name of the Vulnerable Software and Affected Versions: Topaz OFD version 2.11.0.201 Description: A problematic vulnerability was found in Topaz OFD, affecting an unknown part of the file C:Program FilesTopaz OFDWarsawcore.exe of the component Protection Module Warsaw. The manipulation leads to an...
Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting XSS Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/star7th/showdoc Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3 Version: alert1" 2. Login to showdoc v2.10.2 and go to file library Endpoint =...
Stored XSS via upload file
Description In document feature, you can upload a file .ofd which can have xss Proof of Concept // xss.ofd alert1 Step 1: Go to Support - Documents Step 2: Click Create Documents Step 3: At the Download type, choose Internal. Upload file xss.ofd above. Step 4: Go to that file link, such as:...
Cross-site Scripting (XSS)
showdoc/showdoc is vulnerable to stored cross-site scripting. The vulnerability exists due to lack of xss validations for uploaded OFD files before they get stored which allows an attacker to inject and execute arbitrary javascript...
showdoc Cross-Site Scripting Vulnerability (CNVD-2022-21807)
showdoc is open source and a great tool for IT teams to share documents online. showdoc versions prior to 2.10.4 have a security vulnerability that stems from the application allowing the upload of .ofd files, which leads to a cross-site scripting vulnerability. No detailed vulnerability details...
showdoc .ofd file upload vulnerability
showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .ofd file extensions in the application's file upload feature. An attacker could use this vulnerability to...
GHSA-3PG8-C473-W6RR Stored Cross-site Scripting in showdoc
ShowDoc is a tool for an IT team to share documents online. showdoc contains a stored cross-site scripting vulnerability in the File Library page when uploading a file in .ofd format in versions prior to 2.10.4. At this time, there is no known workaround. Users should update to version 2.10.4...
GHSA-V8MP-HHJQ-H4CJ Cross-site Scripting in ShowDoc
ShowDoc prior to 2.10.4 is vulnerable to stored cross-site scripting via .ofd file upload...
Stored Cross-site Scripting in showdoc
ShowDoc is a tool for an IT team to share documents online. showdoc contains a stored cross-site scripting vulnerability in the File Library page when uploading a file in .ofd format in versions prior to 2.10.4. At this time, there is no known workaround. Users should update to version 2.10.4...
CVE-2022-0965
Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4...
CVE-2022-0965 Stored XSS viva .ofd file upload in star7th/showdoc
Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4...
Stored XSS via File Upload in star7th/showdoc in star7th/showdoc
Description Stored XSS via uploading file in .ofd format. Proof of Concept filename="test.ofd" alert1 Steps to Reproduce 1. Login into showdoc.com.cn. 2. Navigate to file library https://www.showdoc.com.cn/attachment/index 3. In the File Library page, click the Upload button and choose the test.o...