CVE-2022-2105
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web…
OFFIS DCMTK’s (all versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary…
OFFIS DCMTK’s (all versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into…
OFFIS DCMTK (all versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. Vulnerability…
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could…
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. About the Vulnerability…
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to…
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. General Information about the Vulnerability, Impact…
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including…
LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. General Information about the Vulnerability,…