4 matches found
CVE-2022-31512
The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
flask-mvc 路径遍历漏洞
flask-mvc is a repository by the individual developer Candra Nur Ihsan. A security vulnerability exists in flask-mvc version 2020-09-14 and earlier versions, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...
Photon OS 2.0: Linux PHSA-2020-2.0-0283
An update of the linux package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0283. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid140709...
CVE-2020-25750
An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $POST'xml' is used for simplexmlloadstring without sanitization. NOTE: This vulnerability only affects products...