CVE-2023-2139 – Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
https://notcve.org/view.php?id=CVE-2023-2139
A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code. • https://www.3ds.com/vulnerability/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-1288 – ENOVIA Live Collaboration V6R2013xE is affected by an XML External Entity injection (XXE) vulnerability
https://notcve.org/view.php?id=CVE-2023-1288
An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server. • https://www.3ds.com/vulnerability/advisories • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2023-1287 – ENOVIA Live Collaboration V6R2013xE is affected by an XSL template injection vulnerability
https://notcve.org/view.php?id=CVE-2023-1287
An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. • https://www.3ds.com/vulnerability/advisories • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2020-25507
https://notcve.org/view.php?id=CVE-2020-25507
An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system enviroment file with world writable permissions (0777 /etc/environment). Any local unprivileged user can execute arbitrary code simply by writing to /etc/environment, which will force all users, including root, to execute arbitrary code during the next login or reboot. In addition, the entire home directory of the twcloud user at /home/twcloud is recursively given world writable permissions. This allows any local unprivileged attacker to execute arbitrary code, as twcloud. • https://community.nomagic.com/finding-and-fixing-wrong-file-permission-twc-installation-t7165.html https://docs.nomagic.com/display/TWCloud190/Installation+on+Linux+using+scripts https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-002.md https://sick.codes/finding-a-vulnerability-in-teamwork-cloud-server-nomagic-3ds-which-is-used-by-gov-enterprise-to-design-rockets-missiles-and-satellites https://sick.codes/sick-2020-002 https://web.archive.org/web/20201219095507/https://docs.nomagic.com • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2014-2073
https://notcve.org/view.php?id=CVE-2014-2073
Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to "CATV5_Backbone_Bus." Desbordamiento de búfer basado en pila en Dassault Systemes CATIA V5-6R2013 permite que atacantes remotos ejecuten código arbitrario mediante un paquete manipulado. Esto está relacionado con "CATV5_Backbone_Bus". • http://packetstormsecurity.com/files/125325/Catia-V5-6R2013-Stack-Buffer-Overflow.html • CWE-787: Out-of-bounds Write •