Media Library Folder & File Manager Security Vulnerabilities

cgr

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, gatekeeper-fips, tigera-operator, vault-k8s-fips, kots, kubernetes-dashboard, flux-kustomize-controller-0.37, flux-notification-controller, boring-registry, tekton-pipelines, bank-vaults-fips, gobuster, grpc-health-probe,...

6.7AI Score

0.962EPSS

2024-05-19 03:07 AM
117
cgr

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, kots, kubernetes-dashboard, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...

6.3AI Score

0.001EPSS

2024-05-19 03:07 AM
20
cgr

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: cert-manager-fips, flux-image-reflector-controller, kubescape, prometheus-fips, scorecard, slsa-verifier, tekton-pipelines, ctop, telegraf, aactl, k3d, skaffold, paranoia, k3s, prometheus, kpt, bom, flux-source-controller-2.0, falco, cert-manager, falcoctl-fips, loki,....

7.3AI Score

2024-05-19 03:07 AM
21
cgr

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: kots, cert-manager-fips, datadog-agent, nerdctl, zarf, flux-image-reflector-controller, kubescape, prometheus-fips, scorecard, slsa-verifier, tekton-pipelines, datadog-agent-fips, ctop, istio-fips, newrelic-infrastructure-agent, istio-operator, telegraf,...

7.3AI Score

2024-05-19 03:07 AM
8
cgr

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, vault-k8s-fips, kots, kubernetes-dashboard, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips,...

7.3AI Score

2024-05-19 03:07 AM
41
cgr

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...

6.3AI Score

0.0004EPSS

2024-05-19 03:07 AM
2
cgr

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

7.3AI Score

2024-05-19 03:07 AM
9
cgr

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: kots, cert-manager-fips, datadog-agent, nerdctl, zarf, flux-image-reflector-controller, kubescape, prometheus-fips, scorecard, slsa-verifier, tekton-pipelines, datadog-agent-fips, ctop, istio-fips, newrelic-infrastructure-agent, istio-operator, telegraf,...

7.6AI Score

0.001EPSS

2024-05-19 03:07 AM
20
cgr

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, gatekeeper-fips, vault-k8s-fips, kots, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...

7.3AI Score

2024-05-19 03:07 AM
19
cgr

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, tigera-operator, bank-vaults-fips, gobuster, aws-ebs-csi-driver, metrics-server, configmap-reload, kubernetes-csi-livenessprobe-fips, kubernetes-csi-node-driver-registrar-fips, gosu, gitlab-logger, nri-discovery-kubernetes, goreleaser,...

7.3AI Score

2024-05-19 03:07 AM
11
cgr

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, kots, kubernetes-dashboard, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...

7.3AI Score

2024-05-19 03:07 AM
16
cgr

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, gatekeeper-fips, kots, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, kubernetes-csi-external-resizer-fips, kubernetes-csi-node-driver-registrar, aws-ebs-csi-driver, metrics-server,...

7.3AI Score

2024-05-19 03:07 AM
47
cgr

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: kots, cert-manager-fips, kubescape, tekton-pipelines, fuse-overlayfs-snapshotter, ctop, newrelic-infrastructure-agent, telegraf, flux-source-controller-0.37, k3d, skaffold, helm, flux-source-controller, helm-push, flux-helm-controller-0.37, flux-source-controller-2.0,....

7.3AI Score

2024-05-19 03:07 AM
38
cgr

GHSA-R53H-JV2G-VPX6 vulnerabilities

Vulnerabilities for packages: kots, cert-manager-fips, zarf, kubescape, istio-fips, istio-operator, istio-operator-fips, flux-source-controller, helm-push, k9s, k8sgpt, cert-manager, flux-helm-controller, helm-operator, cilium-cli, chartmuseum, up, eksctl, zot,...

7.3AI Score

2024-05-19 03:07 AM
7
cvelist

CVE-2024-5097 SourceCodester Simple Inventory System tableedit.php#page=editprice cross-site request forgery

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Inventory System 1.0. Affected is an unknown function of the file /tableedit.php#page=editprice. The manipulation of the argument itemnumber leads to cross-site request forgery. It is possible to launch the...

4.8AI Score

0.0004EPSS

2024-05-19 03:00 AM
3
fedora

[SECURITY] Fedora 39 Update: buildah-1.35.4-1.fc39

The buildah package provides a command line tool which can be used to * create a working container from scratch or * create a working container from an image as a starting point * mount/umount a working container's root file system for manipulation * save container's root file system layer to...

7.4AI Score

0.0004EPSS

2024-05-19 02:46 AM
cve

CVE-2024-5096

A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This vulnerability affects unknown code of the file /log/wifi.mac of the component MAC Address Handler. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been.....

5.3CVSS

6.5AI Score

0.0004EPSS

2024-05-19 02:15 AM
4
cvelist

CVE-2024-5096 Hipcam Device MAC Address wifi.mac information disclosure

A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This vulnerability affects unknown code of the file /log/wifi.mac of the component MAC Address Handler. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been.....

5.3AI Score

0.0004EPSS

2024-05-19 02:00 AM
2
fedora

7.3AI Score

0.0004EPSS

2024-05-19 01:17 AM
kitploit

Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels

First, a couple of useful oneliners ;) wget "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -O lse.sh;chmod 700 lse.sh curl "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -Lo lse.sh;chmod 700 lse.sh Note...

7.7AI Score

2024-05-19 12:42 AM
3
zdi

(Pwn2Own) QNAP TS-464 HLS_tmp Directory Traversal Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HLS_tmp parameter provided to the share.cgi endpoint. The...

8.7CVSS

7.4AI Score

2024-05-19 12:00 AM
zdi

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8AI Score

2024-05-19 12:00 AM
zdi

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8AI Score

2024-05-19 12:00 AM
zdi

Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the....

6AI Score

2024-05-19 12:00 AM
zdi

Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.9AI Score

2024-05-19 12:00 AM
zdi

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8AI Score

2024-05-19 12:00 AM
zdi

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8AI Score

2024-05-19 12:00 AM
zdi

(Pwn2Own) QNAP TS-464 File Upload Directory Traversal Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of file uploads. The issue results from the lack of proper...

8.7CVSS

6.7AI Score

2024-05-19 12:00 AM
exploitdb

7.4AI Score

2024-05-19 12:00 AM
34
zdi

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8AI Score

2024-05-19 12:00 AM
cve

CVE-2024-28064

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with...

7.3AI Score

2024-05-18 10:15 PM
10
cvelist

CVE-2024-28064

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with...

7AI Score

2024-05-18 10:02 PM
2
cve

CVE-2024-5094

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has....

7.3CVSS

7.7AI Score

2024-05-18 08:15 PM
8
osv

CVE-2024-36043

question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink...

5.8AI Score

2024-05-18 08:15 PM
cve

CVE-2024-36043

question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink...

6AI Score

2024-05-18 08:15 PM
8
cvelist

CVE-2024-5094 SourceCodester Best House Rental Management System view_payment.php sql injection

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has....

7.7AI Score

2024-05-18 08:00 PM
5
cvelist

CVE-2024-36043

question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink...

5.8AI Score

2024-05-18 07:24 PM
7
cve

CVE-2024-5093

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The...

7.3CVSS

7.8AI Score

2024-05-18 07:15 PM
7
cvelist

CVE-2024-5093 SourceCodester Best House Rental Management System login.php sql injection

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The...

7.8AI Score

2024-05-18 06:31 PM
4
githubexploit

Exploit for CVE-2024-27972

CVE-2024-27972-Poc CVE-2024-27972 WP Fusion Lite <=...

9.9AI Score

0.0004EPSS

2024-05-18 02:17 PM
51
cve

CVE-2024-2771

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes...

9.8CVSS

6.4AI Score

0.0004EPSS

2024-05-18 08:15 AM
21
cvelist

CVE-2024-2771 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes...

7.2AI Score

0.0004EPSS

2024-05-18 07:38 AM
4
cve

CVE-2024-3812

The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

7.5CVSS

7.5AI Score

0.001EPSS

2024-05-18 06:15 AM
17
cve

CVE-2024-3810

The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

8.8CVSS

7.5AI Score

0.001EPSS

2024-05-18 06:15 AM
10
cvelist

CVE-2024-3812 Salient Core <= 2.0.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

7.8AI Score

0.001EPSS

2024-05-18 05:40 AM
1
cvelist

CVE-2024-3810 Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

8.9AI Score

0.001EPSS

2024-05-18 05:40 AM
3
redhatcve

CVE-2023-52665

In the Linux kernel, the following vulnerability has been resolved: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2 Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way that is incompatible with the...

6.6AI Score

2024-05-18 02:09 AM
1
githubexploit

Exploit for CVE-2023-4596

CVE-2023-4596...

7.7AI Score

0.072EPSS

2024-05-18 01:39 AM
61
redhatcve

CVE-2024-35844

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix reserve_cblocks counting error when out of space When a file only needs one direct_node, performing the following operations will cause the file to be unrepairable: unisoc # ./f2fs_io compress test.apk unisoc...

6.4AI Score

2024-05-18 01:07 AM
1
redhatcve

CVE-2024-35807

In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. With having more than 2^32 blocks resize_inode is turned off by default by...

6.4AI Score

2024-05-18 12:10 AM
Total number of security vulnerabilities: 547165