12 matches found
EUVD-2022-37503
Malicious code in bioql PyPI...
EUVD-2022-37504
Malicious code in bioql PyPI...
EUVD-2022-37502
Malicious code in bioql PyPI...
CVE-2022-34551
Sims v1.0 was discovered to allow path traversal when downloading attachments...
CVE-2022-34551
Sims v1.0 was discovered to allow path traversal when downloading attachments...
CVE-2022-34549
Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file...
Path traversal
Sims v1.0 was discovered to allow path traversal when downloading attachments...
CVE-2022-34551
Sims v1.0 was discovered to allow path traversal when downloading attachments...
CVE-2022-34551
CVE-2022-34551 affects Sims v1.0 and is a path-traversal vulnerability in the attachments download function. The issue enables traversal of the file system when downloading attachments, potentially exposing sensitive data (C: high confidentiality impact stated). No explicit exploitation details a...
CVE-2022-34549
CVE-2022-34549 concerns Sims v1.0, which contains an arbitrary file upload vulnerability in the /uploadServlet. The underlying issue allows attackers to escalate privileges and execute arbitrary commands by crafting a file. The NVD/associated reports rate this as a high-severity, network-exposed ...
CVE-2022-34550
The CVE-2022-34550 issue affects Sims v1.0, where a cross-site scripting (XSS) vulnerability exists in the/addNotifyServlet. It allows an attacker to inject arbitrary web scripts/HTML via the notifyInfo parameter, enabling user-facing script execution. The NVD entry lists CVSS v3.1 base metrics (...
CVE-2022-34549
Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file...