41 matches found
CVE-2025-6731
A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched...
CVE-2025-6731 yzcheng90 X-SpringBoot APK File apk uploadApk path traversal
A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched...
CVE-2025-6731
CVE-2025-6731 affects yzcheng90 X-SpringBoot up to version 5.0. The vulnerability resides in the function uploadApk within /sys/oss/upload/apk of the APK File Handler, where manipulation of the File argument enables path traversal. It can be exploited remotely, and the proof-of-concept/public exp...
CVE-2019-6731
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion ...
CVE-2024-6731
creationtimestamp | type | source
---|---|---
2024-07-15 00:57:31+00:00 | seen | https://t.me/cvedetector/820...
WordPress WP Show Posts Plugin <= 1.1.5 is vulnerable to Sensitive Data Exposure
Software: WP Show Posts; Type: Plugin; Vulnerable versions: <= 1.1.5; Fixed in: 1.1.6; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-6731; Patch priority: Low; CVSS severity: Low 4.3; PSID: 0bc24cb2903a; Credits: Lucio Sá; Required privilege...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : YARD vulnerabilities (USN-6731-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6731-1 advisory. It was discovered that YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which...
SUSE CVE-2006-6731
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allow attackers to develop Java applets that read, write, or execute...
CVE-2020-6731
CVE-2020-6731 entry is rejected/not used and does not represent an active vulnerability.
CVE-2019-6731
Foxit PhantomPDF (and Foxit Reader/PhantomPDF family cited in related records) contains an HTML-to-PDF conversion flaw in which insufficient validation of user-supplied data can cause a read past the end of an allocated object, enabling remote code execution. The vulnerability requires user inter...
CVE-2017-6731
CVE-2017-6731 affects Cisco IOS XR Software in the Multicast Source Discovery Protocol (MSDP) ingress packet processing. An unauthenticated, remote attacker can trigger a short DoS by sending malformed MSDP packets to an established MSDP session, causing the session to reset and restart within se...
Cisco IOS XR Software Multicast Source Discovery Protocol Session Denial of Service Vulnerability (cisco-sa-20170705-iosxr)
A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within...
CVE-2016-6731
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...
CVE-2016-6731
CVE-2016-6731 describes an elevation of privilege vulnerability in the NVIDIA GPU driver on Android prior to 2016-11-05. A local malicious app could execute arbitrary code in the kernel context, enabling a potential permanent device compromise. The issue is listed in public vulnerability tracker...
CVE-2015-6731
CVE-2015-6731 concerns the MediaWiki SemanticForms extension. The vulnerability is an XSS flaw in several parameters exposed by forms: section_, template_, label_*, new_template (Special:CreateForm) and target, alt_form (Special:FormEdit). The root cause is inadequate input filtering in these pa...
CVE-2015-6731
Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section, (2) template, (3) label, or (4) newtemplate parameter to Special:CreateForm or (5) target or (6) altform parameter to Special:FormEdi...
CVE-2014-6731
The CVE-2014-6731 entry concerns the Alfa-Bank Android app (package ru.alfabank.mobile.android) version 5.5.1.1, which does not verify X.509 certificates when establishing SSL connections. This Certificate Validation failure enables man-in-the-middle attackers to spoof servers and obtain sensitiv...
CVE-2013-6731
IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request...