91 matches found

NVD
added 2023/12/25 8:15 a.m. · 8 views

CVE-2023-36486

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...

CVSS 7.2 · EPSS 0.00672
Exploits: 0 · References: 3

ATTACKERKB
added 2023/12/25 8:15 a.m. · 1 views

CVE-2023-36486

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...

CVSS 7.2 · AI score 7.3 · EPSS 0.00672
Exploits: 0 · References: 4

OSV
added 2023/12/25 8:15 a.m. · 13 views

CVE-2023-36486

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...

CVSS 7.2 · AI score 7
Exploits: 0 · References: 3

Prion
added 2023/12/25 8:15 a.m. · 22 views

Design/Logic Flaw

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...

CVSS 5.8 · AI score 7.2 · EPSS 0.00672
Exploits: 0 · References: 3 · Affected Software: 1

Prion
added 2023/12/25 8:15 a.m. · 13 views

Design/Logic Flaw

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...

CVSS 5.8 · AI score 7.1 · EPSS 0.00672
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/12/25 12:00 a.m. · 10 views

CVE-2023-36486

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...

AI score 6.9 · EPSS 0.00672
Exploits: 0 · References: 3

CVE
added 2023/12/25 12:00 a.m. · 69 views

CVE-2023-36486

The CVE-2023-36486 issue affects ILIAS’s workflow-engine prior to versions 7.23 and 8 prior to 8.3. It allows remote authenticated users to execute arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. The vu...

CVSS 7.2 · AI score 6.8 · EPSS 0.00672
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2023/12/25 12:00 a.m. · 9 views

CVE-2023-36485

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...

AI score 7 · EPSS 0.00672
Exploits: 0 · References: 3

CNNVD
added 2023/12/25 12:00 a.m. · 1 views

ILIAS Security Vulnerabilities

ILIAS is an open source learning management system. A security vulnerability exists in ILIAS versions prior to 7.23 and prior to 8.3, which stems from a workflow-engine vulnerability that allows an attacker to run arbitrary system commands on an application server as an application user via a...

CVSS 7.2 · AI score 7 · EPSS 0.00672
Exploits: 0 · References: 2

CVE
added 2023/12/25 12:00 a.m. · 73 views

CVE-2023-36485

The CVE concerns an ILIAS workflow-engine vulnerability present in versions prior to 7.23 (and 8 prior to 8.3). A malicious BPMN2 workflow definition file can be used by remote authenticated users to execute arbitrary system commands on the application server as the ILIAS application user, due to in...

CVSS 7.2 · AI score 6.7 · EPSS 0.00672
Exploits: 0 · References: 3 · Affected Software: 1

OpenVAS
added 2023/11/13 12:00 a.m. · 14 views

ILIAS < 7.23, 8.x < 8.3 Multiple Vulnerabilities

ILIAS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:ilias:ilias"; if description...

CVSS 7.2 · AI score 7 · EPSS 0.00672
Exploits: 0 · References: 3

Positive Technologies
added 2023/06/19 12:00 a.m. · 2 views

PT-2023-8583 · Ilias · Ilias

Name of the Vulnerable Software and Affected Versions: ILIAS versions prior to 7.23; ILIAS versions 8 prior to 8.3. Description: The issue is related to insufficient input validation in the workflow-engine of ILIAS, allowing remote authenticated users to execute arbitrary system commands on the...

CVSS 9 · AI score 7.1 · EPSS 0.00672
Exploits: 0 · References: 12

CVE
added 2022/05/05 11:15 p.m. · 616 views

CVE-2022-29164

Affected software: Argo Workflows (Kubernetes). Vulnerability summary: An attacker can craft an HTML artifact in a workflow that contains a script using XHR to interact with the Argo Server API. The attacker emails a link to the deep-link artifact; when opened by a victim, the script executes with ...

CVSS 7.1 · AI score 6.5 · EPSS 0.00334
Exploits: 0 · References: 3 · Affected Software: 1

Kitploit
added 2022/03/06 8:30 p.m. · 28 views

Osmedeus - A Workflow Engine For Offensive Security

A Workflow Engine For Offensive Security. Installation: NOTE that you need some essential tools like curl, wget, git, zip and login as root to start. bash -c "$(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh)" Build the engine from source: Make sure you installed...

AI score 7.3
Exploits: 0 · References: 1

NVD
added 2021/07/02 4:15 p.m. · 13 views

CVE-2021-32639

Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the RegisterPeerAction endpoint and the AddChildDirectoryAction endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emissary...

CVSS 9.9 · EPSS 0.00781
Exploits: 1 · References: 3

CVE
added 2021/07/02 3:30 p.m. · 54 views

CVE-2021-32639

CVE-2021-32639 concerns Emissary, a P2P-based workflow engine. The vulnerability affects Emissary version 6.4.0, where the endpoints RegisterPeerAction and AddChildDirectoryAction are susceptible to Server-Side Request Forgery (SSRF), potentially leading to credential leakage. Multiple connected...

CVSS 9.9 · AI score 8.3 · EPSS 0.00781
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2021/06/01 2:15 p.m. · 12 views

CVE-2021-32647

Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The CreatePlace REST endpoint accepts an sppClassName parameter which is used to load an arbitrary class. This class is later instantiated using a...

CVSS 9.1 · AI score 8
Exploits: 0 · References: 2

Prion
added 2021/06/01 2:15 p.m. · 9 views

Design/Logic Flaw

Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The CreatePlace REST endpoint accepts an sppClassName parameter which is used to load an arbitrary class. This class is later instantiated using a...

CVSS 6.5 · AI score 9.5 · EPSS 0.03343
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2021/06/01 12:00 a.m. · 2 views

Emissary Injection Vulnerability

Emissary is a software application. A P2P-based data-driven workflow engine that runs across heterogeneous and potentially widely distributed multi-tier P2P network computing resources. Emissary suffers from a security vulnerability that makes it susceptible to post-authentication Remote Code...

CVSS 9.1 · AI score 8.4 · EPSS 0.03343
Exploits: 1 · References: 3

CNNVD
added 2021/05/07 12:00 a.m. · 3 views

Emissary Code Issue Vulnerability

Emissary is a software application. A P2P-based data-driven workflow engine that runs on heterogeneous and potentially widely distributed multi-tier P2P network computing resources. A security vulnerability exists in Emissary 5.9.0, which can be exploited by an attacker to upload arbitrary files...

CVSS 8.8 · AI score 5.8 · EPSS 0.00911
Exploits: 0 · References: 3