15 matches found
CVE-2023-50090
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...
EUVD-2023-54920
Malicious code in bioql PyPI...
CVE-2023-50090
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...
CVE-2023-50090
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...
Design/Logic Flaw
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...
PT-2024-13856 · Ureport2 · Ureport2
Name of the Vulnerable Software and Affected Versions: ureport2 versions 2.2.9 and before. Description: The issue allows attackers to write arbitrary files and run arbitrary commands via a crafted POST request. This is due to an Arbitrary File Write vulnerability in the saveReportFile method...
CVE-2023-50090
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...
CVE-2023-50090
Affected product: ureport2, version 2.2.9 and earlier. Vulnerability: Arbitrary File Write in the saveReportFile method, exploitable via crafted POST requests; enables writing arbitrary files and running arbitrary commands. Impact: high confidentiality, integrity, and availability risks; CVSS v3....
CVE-2023-50090
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...
XML External Entity (XXE)
UReport2 Core Project is vulnerable to XML External Entity (XXE) injection. The vulnerability exists in the parse function in ReportPaser.java because the interface for saving reports does not sanitize external entity references when parsing XML data, allowing an attacker to submit a malicious XML file...
Remote Code Execution
com.bstek.ureport:ureport2-console is vulnerable to remote code execution. A remote attacker is able to read sensitive user files and deserialize local gadgets by connecting the system to a malicious database server...
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets...
CVE-2022-25767
CVE-2022-25767 affects all versions of the Java package com.bstek.ureport:ureport2-console. The vulnerability enables Remote Code Execution via deserialization when the system connects to a malicious database server, leading to arbitrary file reads and deserialization of local gadgets. Multiple s...
UReport2-console Code Issue Vulnerability
UReport2 is a high-performance pure Java reporting engine based on Spring architecture. A security vulnerability exists in all versions of UReport2-console, which can be exploited by an attacker to perform remote code execution, resulting in arbitrary file reads and deserialization of local...
Remote Code Execution (RCE)
Overview: com.bstek.ureport:ureport2-console is UReport2, a high-performance pure Java report engine based on Spring architecture, where complex Chinese-style statements and reports can be prepared by iterating over cells. Affected versions of this package are vulnerable to Remote Code...