Filtered by vendor Weaver
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34798 | 1 Weaver | 1 E-office | 2023-08-01 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2023-3793 | 1 Weaver | 1 E-cology | 2023-07-28 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql injection. Upgrading to version 10.58.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-235061 was assigned to this vulnerability. | |||||
| CVE-2019-16133 | 1 Weaver | 1 Eteams Oa | 2019-09-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/. | |||||
| CVE-2019-10272 | 1 Weaver | 1 E-cology | 2019-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring. | |||||