ZK Framework - Information Disclosure

ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attacker can access sensitive information via a crafted POST request to the component AuUploader and thereby possibly obtain additional sensitive information, modify data, and/or execute...

EUVD-2013-5796

Malware in sbrugna...

Exploit for CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...

CVE-2022-36537

ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader...

CVE-2013-5966

Cross-site scripting XSS vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Potix ZK Framework AuUploader Remote File Disclosure (CVE-2022-36537)

The version of Potix ZK Framework detected on the remote host is prior to 8.6.4.2, 9.0.1.3, 9.5.1.4, 9.6.0.2, or 9.6.2. If is, therefore, affected by a remote file disclosure vulnerability: - ZK Framework allows attackers to access sensitive information via a crafted POST request sent to the...

ZK Framework < 8.6.4.2 / 9.0.x < 9.0.1.3 / 9.5.x < 9.5.1.4 / 9.6.0.x < 9.6.0.2 / 9.6.x < 9.6.2 Authentication Bypass

ZK is a popular Java Web framework for building enterprise Web applications. By forging a POST request to the AuUpload ZK serverlets, an unauthenticated attacker can retrieve the content of a file located in the web context. No source data...

Active Exploitation of ZK Framework CVE-2022-36537

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software. The root cause of the vulnerability is an...

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 CVSS score: 7.5, the issue impacts ZK Framework versions...

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 CVSS score: 7.5, the issue impacts ZK Framework versions...

ZK Framework AuUploader Unspecified Vulnerability

ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to...

VulnCheck KEV: CVE-2022-36537

ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to...

Exploit for CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...

Exploit for CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...

Exploit for CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...

Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution

IT service management software platform ConnectWise has released Software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager SBM. The issue, characterized as a "neutralization of Special Elements in Output Used by a Downstream Component," could be abused to...

GHSA-6278-2Q4M-CMF3 ZK Framework vulnerable to malicious POST

ZK Framework version 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader...

ZK Framework vulnerable to malicious POST

ZK Framework version 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader...

CVE-2022-36537

ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader...

CVE-2022-36537

ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader...