Lucene search
K

21 matches found

Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.8 views

Exploiting Logic Asymmetry in Modern Web Application Firewalls

This research whitepaper demonstrates that even the most modern WAFs remain vulnerable to attacks exploiting logic asymmetry in HTTP protocol processing. Real-world testing on a Weaver Ecology OA system achieved a 100% bypass rate 40/40 test cases, confirming the critical severity of this...

5.5AI score
Exploits0
NVD
NVD
added 2026/04/30 5:16 p.m.4 views

CVE-2022-50992

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

8.7CVSS0.00705EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/07 12:51 p.m.26 views

CVE-2026-22679 Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint

Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...

9.8CVSS0.2148EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

Weaver e-cology 访问控制错误漏洞

Weaver e-cology is a collaborative management application platform developed by the Chinese company Weaver. Versions of Weaver e-cology prior to 10.0 20260312 contained an access control vulnerability. This vulnerability stemmed from unvalidated remote code execution, which could lead to the...

9.8CVSS6.5AI score0.2148EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 7:31 a.m.9 views

CVE-2024-48072

Weaver Ecology v9. was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction=getFieldTriggerValue==HrmResourceManager=1%3d1=1=%3d=1...

9.8CVSS9.8AI score0.00434EPSS
Exploits0References1
OSV
OSV
added 2024/11/19 6:15 p.m.4 views

CVE-2024-48072

Weaver Ecology v9. was discovered to contain a SQL injection vulnerability via the component...

9.8CVSS5.8AI score0.00434EPSS
Exploits0References2
NVD
NVD
added 2024/11/19 6:15 p.m.11 views

CVE-2024-48072

Weaver Ecology v9. was discovered to contain a SQL injection vulnerability via the component...

9.8CVSS0.00434EPSS
Exploits0References2
NVD
NVD
added 2024/11/19 6:15 p.m.7 views

CVE-2024-48070

An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges...

9.8CVSS0.00698EPSS
Exploits0References2
NVD
NVD
added 2024/11/19 6:15 p.m.13 views

CVE-2024-48069

A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges...

9.8CVSS0.00402EPSS
Exploits0References2
CVE
CVE
added 2024/11/19 12:0 a.m.44 views

CVE-2024-48069

Weaver E-cology (Weaver E-cology) is affected, specifically version 9.. The vulnerability stems from race conditions that allow bypassing security controls, enabling the upload of malicious files and potential control of server privileges. A related remote code execution issue is reported in the ...

9.8CVSS6.7AI score0.00402EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/19 12:0 a.m.22 views

CVE-2024-48069

A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges...

0.00402EPSS
Exploits0References2
CVE
CVE
added 2024/11/19 12:0 a.m.47 views

CVE-2024-48072

CVE-2024-48072 affects Weaver Ecology v9., with a SQL injection vulnerability in the web component "/mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&action=getFieldTriggerValue&searchField= &fromTable=HrmResourceManager&whereClause=1%3d1&triggerCondition=1&expressi...

9.8CVSS8.3AI score0.00434EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/19 12:0 a.m.22 views

CVE-2024-48072

Weaver Ecology v9. was discovered to contain a SQL injection vulnerability via the component...

0.00434EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/19 12:0 a.m.10 views

CVE-2024-48070

An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges...

0.00698EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/19 12:0 a.m.10 views

CVE-2024-48072

Weaver Ecology v9. was discovered to contain a SQL injection vulnerability via the component...

8.3AI score0.00434EPSS
Exploits0References2
CVE
CVE
added 2024/11/19 12:0 a.m.61 views

CVE-2024-48070

CVE-2024-48070 affects Weaver E-cology. Multiple sources describe a vulnerability where attackers can craft requests to insert remote code and potentially execute code with server privileges, linked to a SQL injection issue in Weaver E‑cology v9.x. Affected component: SQL handling in Weaver E‑col...

9.8CVSS6.8AI score0.00698EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/11/19 12:0 a.m.40 views

CVE-2024-48071

CVE-2024-48071 affects E-cology/Weaver e-cology and is described as a directory traversal vulnerability that could enable an attacker to delete server files and cause permanent denial of service. Connected sources corroborate a traversal flaw but do not provide concrete exploit details, affected ...

6.5CVSS6.4AI score0.00843EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/19 12:0 a.m.16 views

CVE-2024-48071

E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the server to permanently deny service...

0.00843EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/17 12:0 a.m.4 views

PT-2023-2925

Name of the Vulnerable Software and Affected Versions Weaver e-cology versions up to 9.0 Description A problematic vulnerability was found in the RequestInfoByXml function of the API component, leading to xml external entity reference. This issue is related to incorrect restriction of XML links t...

8.8CVSS6AI score0.00984EPSS
Exploits1References9
vulnersOsv
vulnersOsv
added 2021/05/07 3:54 p.m.4 views

com.github.liuzhenghui:weaver-ecology-parent (>=9.00.2110.07.220316 <=9.00.2112.03.220528) potentially affected by CVE-2020-25020 via net.sf.mpxj:mpxj (=7.4.3)

net.sf.mpxj:mpxj MAVEN version =7.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on net.sf.mpxj:mpxj and may be impacted: - com.github.liuzhenghui:weaver-ecology-parent =9.00.2110.07.220316, =9.00.2112.03.220528 Source cves: CVE-2020-25020 Source...

9.8CVSS7.2AI score0.02591EPSS
Exploits0
Rows per page
Query Builder