Open Microscopy Environment OMERO.web Information Disclosure Vulnerability
Open Microscopy Environment OMERO.web is an open source image management platform for Web applications. The platform supports a variety of image file formats, as well as image management, viewing and editing operations. An information disclosure vulnerability exists in the login form and change...
CVE-2018-1000634
The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in an administrative user with privilege restrictions logging in as a more powerful administrator. This attack appears to be exploitable via Use use...
CVE-2018-1000633
The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in a user's password being revealed. An attacker can log in as that user. This attack appears to be exploitable vi...
OMERO Elevation of Privilege Vulnerability
OMERO is an open source image management viewing application. A security vulnerability exists in OMERO 5.3.3 and earlier versions. An attacker can exploit the vulnerability by creating an OriginalFile and adjusting its path to manipulate other users' data...
Code injection
In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data...
CVE-2017-1000438
In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data...
CVE-2017-1000438
CVE-2017-1000438 concerns OMERO 5.3.3 and earlier, where a user could create an OriginalFile and adjust its path to point to another user’s file on the underlying filesystem, allowing manipulation of that user’s data. The root cause is improper handling of file paths for OriginalFile records, ena...