
30 matches found

Cvelist
added 2018/05/24 1:0 p.m., 12 views

CVE-2018-9920

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https:///Identity/STS/Forms/Scripts URL...

AI score: 6.5, EPSS: 0.00166
Exploits: 1, References: 1
CVE
added 2018/05/24 1:0 p.m., 60 views

CVE-2018-9920

K2 Smartforms 4.6.11 is affected by a server-side request forgery (SSRF) vulnerability. The issue arises in the runtime application when a modified hostname in the URL https://*/Identity/STS/Forms/Scripts allows an attacker to redirect the application to an external domain, manipulating data rend...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00166
Exploits: 1, References: 1, Affected Software: 1
Packet Storm
added 2018/05/22 12:0 a.m., 46 views

K2 Smartforms 4.6.11 Server-Side Request Forgery

Vulnerability type: Server Side Request Forgery Vendor: https://www.k2.com/ Product: K2 Smartforms Affected version: 4.6.11 Credit: Foo Jong Meng CVE ID: CVE-2018-9920 DESCRIPTION: Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an...

AI score: 1, EPSS: 0.00166
Exploits: 1
CNVD
added 2015/10/26 12:0 a.m., 1 views

Multiple K2 Products SQL Injection Vulnerabilities

K2 blackpearl, smartforms, and K2 for SharePoint are all products from K2 Corporation. blackpearl is a suite of applications for building and running business processes. smartforms is an online business system push messaging product. k2 for SharePoint is a suite of applications for creating forms...

CVSS: 7.5, AI score: 8.7, EPSS: 0.00549
Exploits: 3, References: 1
NVD
added 2015/10/21 6:59 p.m., 9 views

CVE-2015-7299

SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter...

CVSS: 7.5, AI score: 8.3, EPSS: 0.00549
Exploits: 3, References: 2
Prion
added 2015/10/21 6:59 p.m., 14 views

SQL injection

SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter...

CVSS: 7.5, AI score: 9.1, EPSS: 0.00549
Exploits: 3, References: 2, Affected Software: 3
CVE
added 2015/10/21 6:0 p.m., 56 views

CVE-2015-7299

The CVE-2015-7299 issue affects K2 products: K2 blackpearl, SmartForms, and K2 for SharePoint (version 4.6.7). A Boolean-based SQL injection exists in Runtime/Runtime/AjaxCall.ashx via the xml parameter, allowing an anonymous attacker to read data and potentially access or reconstruct sensitive D...

CVSS: 7.5, AI score: 8.6, EPSS: 0.00549
Exploits: 3, References: 2, Affected Software: 3
Cvelist
added 2015/10/21 6:0 p.m., 17 views

CVE-2015-7299

SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter...

AI score: 8.3, EPSS: 0.00549
Exploits: 3, References: 2
0day.today
added 2015/10/13 12:0 a.m., 67 views

K2 SmartForms / BlackPearl SQL Injection Vulnerability

K2 SmartForms, BlackPearl, and K2 for Sharepoint version 4.6.7 suffer from a boolean-based remote SQL injection vulnerability. Title: Boolean-based SQL injection Vulnerability in K2 Platforms. Author: Wissam Bashour - Help AG Middle East Vendor: K2 Product: SmartForms, BlackPearl, K2 for sharepoi...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00549
Exploits: 3
Packet Storm
added 2015/10/13 12:0 a.m., 57 views

K2 SmartForms / BlackPearl SQL Injection

Title: Boolean-based SQL injection Vulnerability in K2 Platforms. Author: Wissam Bashour - Help AG Middle East Vendor: K2 Product: SmartForms, BlackPearl, K2 for sharepoint Version: 4.6.7 Tested Version: Version 4.6.7 Severity: HIGH CVE Reference: CVE-2015-7299 About the Product: K2 smartforms ca...

CVSS: 7.5, AI score: 0.4, EPSS: 0.00549
Exploits: 3