40 matches found
CVE-2022-38341
Safe Software FME Server v2021.2.5 and below does not employ server-side validation...
EUVD-2022-40932
Malicious code in bioql PyPI...
EUVD-2022-40930
Malicious code in bioql PyPI...
EUVD-2023-39796
Malicious code in bioql PyPI...
EUVD-2022-40929
Malicious code in bioql PyPI...
CVE-2018-20402
Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. The passwords to the three accounts are the same as the usernames, which are guest, user, and author. Logging in with these accounts will grant any user the...
CVE-2022-38339
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page...
CVE-2023-35801
A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have acce...
CVE-2023-35801
A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have acce...
Directory traversal
A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have acce...
CVE-2023-35801
Affected software: Safe Software FME Server (prior to 2022.2.5). Vulnerability: directory traversal exposing the ability to bypass validation when editing a network-based resource connection, enabling unauthorized reading and writing of arbitrary files. Requirements/impact: attacker must have a u...
CVE-2023-35801
A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have acce...
CVE-2023-35801
A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have acce...
CVE-2022-38340
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload...
CVE-2022-38340
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload...
Path traversal
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload...
CVE-2022-38340
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload...
Safe Software FME Server 路径遍历漏洞
Safe Software FME Server is a web-based data conversion application from Safe Software Canada Inc. It is used to automate data and application integration workflows in a code-free environment. Safe Software FME Server suffers from a path traversal vulnerability that stems from a validation check...
CVE-2022-38340
CVE-2022-38340 affects Safe Software FME Server; a Path Traversal flaw exists in the fmedataupload component and is described for FME Server versions before a likely fixed point (v2022.0.1.1 per PT-2022-24378 wording). The vulnerability enables uploading files to arbitrary locations on the server...
CVE-2022-38340
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload...