Category Archives: Advisories

KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection

Read Time:20 Second

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection

Title: Journyx Unauthenticated XML External Entities Injection
Advisory ID: KL-001-2024-010
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux…

Read More

KL-001-2024-009: Journyx Reflected Cross Site Scripting

Read Time:21 Second

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-009: Journyx Reflected Cross Site Scripting

Title: Journyx Reflected Cross Site Scripting
Advisory ID: KL-001-2024-009
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux
     CWE Classification: CWE-81:…

Read More

KL-001-2024-008: Journyx Authenticated Remote Code Execution

Read Time:20 Second

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-008: Journyx Authenticated Remote Code Execution

Title: Journyx Authenticated Remote Code Execution
Advisory ID: KL-001-2024-008
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux
     CWE…

Read More

KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce

Read Time:20 Second

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce

Title: Journyx Unauthenticated Password Reset Bruteforce
Advisory ID: KL-001-2024-007
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux
     CWE…

Read More

KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal

Read Time:21 Second

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal

Title: Open WebUI Arbitrary File Upload + Path Traversal
Advisory ID: KL-001-2024-006
Publication Date: 2024.08.D06
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt

1. Vulnerability Details

     Affected Vendor: Open WebUI
     Affected Product: Open WebUI
     Affected Version: 0.1.105
     Platform: Debian 12
     CWE…

Read More

KL-001-2024-005: Open WebUI Stored Cross-Site Scripting

Read Time:22 Second

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-005: Open WebUI Stored Cross-Site Scripting

Title: Open WebUI Stored Cross-Site Scripting
Advisory ID: KL-001-2024-005
Publication Date: 2024.08.06
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt

1. Vulnerability Details

     Affected Vendor: Open WebUI
     Affected Product: Open WebUI
     Affected Version: 0.1.105
     Platform: Debian 12
     CWE Classification: CWE-79:…

Read More