23 matches found
EUVD-2024-54635
Malicious code in bioql PyPI...
CVE-2024-53018
Memory corruption may occur while processing the OIS packet parser...
CVE-2024-53018
Memory corruption may occur while processing the OIS packet parser...
CVE-2024-53018
CVE-2024-53018 concerns memory corruption in the OIS packet parser affecting Qualcomm chipsets (notably Snapdragon). The issue stems from a flaw in the OIS packet parser implementation, with a CVSS 3.1 vector indicating a local attack vector, low privileges and no user interaction, but with potenti...
CVE-2024-53018 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver
Memory corruption may occur while processing the OIS packet parser...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm, Inc. A security vulnerability exists in Qualcomm Chipsets that stems from a possible memory corruption when processing the OIS packet parser...
PT-2025-23576 · Qualcomm · Snapdragon
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Memory corruption may occur while processing the OIS packet parser. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
ois-ndt.com Cross Site Scripting vulnerability OBB-3956876
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ois-ndt.com Cross Site Scripting vulnerability OBB-3890714
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ois-ndt.com Cross Site Scripting vulnerability OBB-3489017
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Siemens Siveillance OIS Operating System Command Injection Vulnerability
Siemens Desigo CC is an open building management platform from Siemens, Germany. GMA Manager allows the functional combination of different safety and security systems, such as fire detection systems and video surveillance, on a common platform. Operation Scheduler is a tool that enables security...
Siemens Siveillance OIS
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Siveillance OIS Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute code on...
Design/Logic Flaw
A CSV injection vulnerability found in Online Invoicing System OIS 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to...
CVE-2021-27839
CVE-2021-27839 describes a CSV injection vulnerability in Online Invoicing System (OIS) versions 4.3 and earlier. The issue allows authenticated users to inject data via CSV exports that could redirect admins to harmful sites or expose other clients’ data. Root cause is CSV injection in OIS’s exp...
CVE-2021-21260
Online Invoicing System OIS is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enable an attacker to take over the admin account through a payload that extracts a csrf...
CVE-2021-21260
Online Invoicing System OIS is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enable an attacker to take over the admin account through a payload that extracts a csrf...
Design/Logic Flaw
Online Invoicing System OIS is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enable an attacker to take over the admin account through a payload that extracts a csrf...
CVE-2021-21260
The CVE-2021-21260 entry describes a stored XSS in Online Invoicing System (OIS) v4.0, caused by unsanitized input reflected in app/items_view.php (Item description). This enables an attacker to potentially take over an admin account by injecting a payload that extracts a CSRF token and issues a p...
CVE-2021-21260 XSS in description field
Online Invoicing System OIS is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enable an attacker to take over the admin account through a payload that extracts a csrf...
CVE-2020-6583
CVE-2020-6583 affects BigProf Online Invoicing System (OIS) up to version 2.6. The vulnerability is a cross-site scripting (XSS) flaw that enables an attacker to hijack an administrator session by retrieving the session cookie through the Name field in an Add New Client action. The exploitation p...