OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There
OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.
An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication via crafted web requests.
OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0.
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in the context of other use
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users whe
OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in th
OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all
Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly vali
In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which woul
OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files.
TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information includ
V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retr
In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerabilit
Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply a
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view
docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url.
Page 1+ Next →