11 matches found
Directory traversal
An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal...
CVE-2023-33756
An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal...
CVE-2023-33756
An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal...
CVE-2023-24189
An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...
CVE-2023-24189
An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...
XXE
An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...
CVE-2023-24189
Summary (CVE-2023-24189): An XML External Entity (XXE) vulnerability in urule v2.1.7 allows remote code execution by uploading a crafted XML file to the API endpoint /urule/common/saveFile. This affects urule’s XML handling and is deemed CRITICAL (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; b...
CVE-2023-24189
An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...
CVE-2018-11734
In e107 v2.1.7, output without filtering results in XSS...
Cross-site scripting
In e107 v2.1.7, output without filtering results in XSS...
Design/Logic Flaw
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the JavaScript file inclusion functionality. The attacker can read the configuration files that contain the database login and password, the private encryption key, and other sensitive information...