Media Library Folder & File Manager Security Vulnerabilities

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....

Ubuntu: Security Advisory (USN-6795-1)

The remote host is missing an update for...

K000139810: Oracle Java vulnerability CVE-2024-20919

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK:.....

CVE-2024-5437 SourceCodester Simple Online Bidding System save_category cross site scripting

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch...

rockhopper Buffer Overflow vulnerability

A vulnerability, which was classified as critical, has been found in bwoodsend rockhopper up to 0.1.2. Affected by this issue is the function count_rows of the file rockhopper/src/ragged_array.c of the component Binary Parser. The manipulation of the argument raw leads to buffer overflow. Local...

rockhopper Buffer Overflow vulnerability

A vulnerability, which was classified as critical, has been found in bwoodsend rockhopper up to 0.1.2. Affected by this issue is the function count_rows of the file rockhopper/src/ragged_array.c of the component Binary Parser. The manipulation of the argument raw leads to buffer overflow. Local...

dbt allows Binding to an Unrestricted IP Address via socketsocket

Summary Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....

dbt allows Binding to an Unrestricted IP Address via socketsocket

Summary Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....

CVE-2024-35226 PHP Code Injection by malicious attribute in extends-tag in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap....

Treasury Sanctions Creators of 911 S5 Proxy Botnet

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....

pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the...

CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG...

CVE-2024-28061

An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to the data stored in the embedded database...

CVE-2024-35510

An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted...

SimpleSAMLphp signature validation bypass

Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML authentication responses, correctly verifying the signature is critical to trust that the assertion contained inside the response was issued by a trusted third-party and the identity....

SimpleSAMLphp signature validation bypass

Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML authentication responses, correctly verifying the signature is critical to trust that the assertion contained inside the response was issued by a trusted third-party and the identity....

CVE-2022-45171

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without...

CVE-2023-46694

Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager...

linux-intel-iotg vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....

CVE-2024-5434 Weak Encoding for Password vulnerability in Campbell Scientific CSI Web Server and RTMC

The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were to....

CVE-2024-5433 Path Traversal in Campbell Scientific CSI Web Server and RTMC

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated...

SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

TIBCO Security Advisory: May 28, 2024 - TIBCO Managed File Transfer Platform Server for Unix - CVE-2024-4407

TIBCO Managed File Transfer Platform Server for Unix and z/Linux privilege escalation vulnerability Original release date: May 28, 2024 Last revised: --- CVE-2024-4407 Source: TIBCO Software Inc. Products Affected TIBCO Managed File Transfer Platform Server for Unix versions 8.0.0, 8.0.1, 8.1.0,...

silverstripe/userforms file upload exposure on UserForms module

The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...

silverstripe/userforms file upload exposure on UserForms module

The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...

CVE-2024-35341

Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords (encrypted with a hardcoded key common to all devices). This...

CVE-2024-34854

F-logic DataCube3 v1.0 is vulnerable to File Upload via...

CVE-2024-34852

F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful...

CVE-2024-30212 Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command

If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works...

rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter

Summary The next ruby code is vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not contrained to any limitation. Which would lead to allocating resources on the server side with no limitation (CWE-770). ruby runs =...

rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter

Summary The next ruby code is vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not contrained to any limitation. Which would lead to allocating resources on the server side with no limitation (CWE-770). ruby runs =...

OpenAPI Generator Online - Arbitrary File Read/Delete

Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...

OpenAPI Generator Online - Arbitrary File Read/Delete

Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...

Kaminari Insecure File Permissions Vulnerability

A moderate severity security vulnerability has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This advisory outlines the vulnerability, affected versions, and provides guidance for mitigation. Impact This vulnerability is of moderate...

Kaminari Insecure File Permissions Vulnerability

A moderate severity security vulnerability has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This advisory outlines the vulnerability, affected versions, and provides guidance for mitigation. Impact This vulnerability is of moderate...

CVE-2024-23601

A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this...

CVE-2024-35324

Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via...

CVE-2024-33849

ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic...

CVE-2023-35953

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible....

CVE-2023-35951

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible....

CVE-2023-35950

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible....

CVE-2023-35949

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible....

CVE-2023-35952

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible....

CVE-2023-49600

An out-of-bounds write vulnerability exists in the PlyFile ply_cast_ascii functionality of libigl v2.5.0. A specially crafted .ply file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this...

CVE-2024-23950

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the...

CVE-2024-23949

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the...

CVE-2024-23951

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the...

CVE-2024-23947

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the...

CVE-2024-23948

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the...