7705 matches found
github haven code issue vulnerability
github haven is a software application, a self-hostable private blog. A security vulnerability exists in Haven version 5d15944, which can be exploited by an attacker to create new RSS feeds...
CVE-2022-40037
An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component /upFile...
CVE-2022-40035
File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component...
Unrestricted file upload
File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component...
Design/Logic Flaw
An issue discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component...
Command injection
An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component /upFile...
blog-ssm code issue vulnerability
blog-ssm is a JavaWeb-based blogging project by the individual developer Rawchen in China. A security vulnerability exists in Rawchen blog-ssm v1.0, which stems from a file upload vulnerability that can be exploited by an attacker to execute arbitrary commands and gain privilege escalation via th...
Rawchen blog-ssm security vulnerability
blog-ssm is a JavaWeb-based blog project by the individual developer Rawchen in China. A security vulnerability exists in Rawchen blog-ssm v1.0, which originated from a vulnerability that allows attackers to bypass privilege checks and obtain sensitive user information via the /adminGetUserList...
Rawchen blog-ssm code issue vulnerability
blog-ssm is a JavaWeb-based blog project by the individual developer Rawchen in China. A security vulnerability exists in Rawchen blog-ssm v1.0 that could allow a remote attacker to elevate privileges and execute arbitrary commands via the component /upFile...
Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
Akamai researchers have analyzed a critical vulnerability in Microsoft's CryptoAPI that would allow an attacker to masquerade as a legitimate entity...
PT-2023-13743 · Unknown · Rawchen Blog-Ssm
Name of the Vulnerable Software and Affected Versions: Rawchen Blog-ssm version 1.0
Description: A file upload issue allows attackers to execute arbitrary commands and gain escalated privileges via the "uploadFileList" component, specifically through the "/uploadFileList" API endpoint...
CVE-2022-40035
Rawchen Blog-ssm v1.0 is affected by a File Upload vulnerability in the /uploadFileList endpoint that allows arbitrary command execution and privilege escalation. The CVE describes the vulnerability but provides no remediation details or patched version within the supplied documents. No exploitat...
CVE-2022-40035
File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component...
CVE-2022-40036
CVE-2022-40036 affects Rawchen blog-ssm v1.0. The vulnerability is a permission-check bypass in the /adminGetUserList component that can lead to leakage of sensitive user information. Root cause: inadequate authorization checks allow an attacker with network access to obtain user data; no exploit...
PT-2023-13744 · Rawchen · Rawchen Blog-Ssm
Name of the Vulnerable Software and Affected Versions: Rawchen blog-ssm version 1.0
Description: An issue was discovered that allows an attacker to obtain sensitive user information by bypassing permission checks via the "adminGetUserList" component, specifically through the "/adminGetUserList" A...
CVE-2022-40036
An issue discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component...
CVE-2022-40037
An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component /upFile...