
620 matches found

CNNVD
added 2021/10/14 12:00 a.m., 3 views

WordPress Plugin Code Issue Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress Plugins is an open source application plugin for WordPress. A code issue vulnerability exists in WordPress Plugins that...

CVSS: 8.8, AI score: 7.9, EPSS: 0.01682
Exploits: 0, References: 3

CNVD
added 2021/08/31 12:00 a.m., 16 views

OpenMage Magento LTS Input Validation Error Vulnerability (CNVD-2021-101205)

OpenMage Magento LTS, an e-commerce system from the OpenMage organization, is vulnerable to an input validation error in versions prior to OpenMage Magento LTS 19.4.15 and 20.0.13, which can be exploited by attackers to upload arbitrary executable files to the server...

CVSS: 7.2, AI score: 5.7, EPSS: 0.01311
Exploits: 0, References: 1

GitHub Security Blog
added 2021/08/30 5:20 p.m., 47 views

Data Flow Sanitation Issue Fix

Impact: Due to missing sanitation in data flow, it was possible for admin users to upload arbitrary executable files to the server...

CVSS: 7.2, AI score: 5.8, EPSS: 0.01311
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2021/08/30 5:20 p.m., 15 views

GHSA-XM9F-VXMX-4M58 Data Flow Sanitation Issue Fix

Impact: Due to missing sanitation in data flow, it was possible for admin users to upload arbitrary executable files to the server...

CVSS: 7.2, AI score: 6.9, EPSS: 0.01311
Exploits: 0, References: 5

Veracode
added 2021/08/30 5:36 a.m., 13 views

Remote Code Execution (RCE)

openmage/magento-lts is vulnerable to remote code execution. Lack of data flow sanitization allows admin users to upload malicious executable files to the server...

CVSS: 7.2, AI score: 5.9, EPSS: 0.01311
Exploits: 0, References: 4, Affected Software: 1

Prion
added 2021/08/27 10:15 p.m., 14 views

Design/Logic Flaw

OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...

CVSS: 6.5, AI score: 6.9, EPSS: 0.01311
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2021/08/27 10:00 p.m., 77 views

CVE-2021-32759

OpenMage magento-lts versions before 19.4.15 and 20.0.13 are affected by a data-flow sanitation flaw that allowed admin users to upload arbitrary executable files to the server. The issue is mitigated by patches introduced in OpenMage 19.4.15 and 20.0.13. The connected sources consistently descri...

CVSS: 7.2, AI score: 6.9, EPSS: 0.01311
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2021/08/27 10:00 p.m., 17 views

CVE-2021-32759 Data Flow Sanitation Issue Fix

OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...

CVSS: 7.2, AI score: 7.2, EPSS: 0.01311
Exploits: 0, References: 3

Prion
added 2021/08/05 9:15 p.m., 12 views

Unrestricted file upload

Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated Author+ users to upload files with a double extension, e.g. "payload.php.png", which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions...

CVSS: 6.5, AI score: 8.4, EPSS: 0.0058
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2021/07/30 12:00 a.m., 3 views

ObjectPlanet Opinio Code Issue Vulnerability

ObjectPlanet Opinio is an online survey system from the Norwegian company ObjectPlanet. A security vulnerability exists in ObjectPlanet Opinio versions prior to 7.15, which stems from the program allowing unlimited file uploads of executable JSP files, leading to remote code execution...

CVSS: 8.8, AI score: 8.3, EPSS: 0.05967
Exploits: 3, References: 4

CNNVD
added 2021/07/13 12:00 a.m., 3 views

IBM Security Access Manager Code Issue Vulnerability

IBM Security Access Manager is a product of IBM Corporation for information security management. A security vulnerability exists in IBM Security Access Manager Docker, which stems from the fact that IBM Security Access Manager Docker can allow remote privileged users to upload arbitrary files wit...

CVSS: 6.8, AI score: 8.5, EPSS: 0.00936
Exploits: 0, References: 3

Packet Storm
added 2021/07/05 12:00 a.m., 239 views

Trojan.Win32.VB.bcng Insecure Permissions

Discovery / credits: Malvuln - malvuln.com (c) 2021. Original source: https://malvuln.com/advisory/10550ca42c32c22bdd0515020cff38dd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.VB.bcng Vulnerability: Insecure Permissions Description: The malware creates a dir with...

AI score: 7.4
Exploits: 0

Prion
added 2021/05/29 2:15 p.m., 15 views

Code injection

Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user...

CVSS: 7.5, AI score: 9.3, EPSS: 0.01228
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2021/05/06 1:15 p.m., 16 views

CVE-2021-1428

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...

CVSS: 7.8, EPSS: 0.00249
Exploits: 0, References: 1

Prion
added 2021/05/06 1:15 p.m., 19 views

Information disclosure

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...

CVSS: 7.2, AI score: 7.8, EPSS: 0.00249
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2021/05/06 12:41 p.m., 58 views

CVE-2021-1496

Cisco AnyConnect Secure Mobility Client for Windows is affected by DLL and executable hijacking vulnerabilities in the install, uninstall, and upgrade processes (CVE-2021-1496). An authenticated, local attacker with valid Windows credentials could hijack DLL or executables used by the client to e...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00527
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2021/05/06 12:00 a.m., 3 views

WordPress Code Issue Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress plugin Event Banner version 1.3 and prior versions...

CVSS: 7.2, AI score: 7.2, EPSS: 0.01678
Exploits: 2, References: 2

CVE
added 2021/03/04 8:32 p.m., 70 views

CVE-2021-26293

CVE-2021-26293 affects AfterLogic Aurora and WebMail Pro (DAV enabled). The vulnerability stems from directory traversal in the WebDAV handling (DAVServer.php/DAV/Server.php) that allows creating files under the web root, enabling potential remote code execution via uploaded files. Severity is hi...

CVSS: 9.8, AI score: 9.3, EPSS: 0.0711
Exploits: 2, References: 1, Affected Software: 2

Tenable Nessus
added 2021/02/25 12:00 a.m., 32 views

Fedora 32 : radare2 (2021-e3c95619c1)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-e3c95619c1 advisory. - radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_nam...

CVSS: 7.5, AI score: 6.3, EPSS: 0.01819
Exploits: 2, References: 3

The Hacker News
added 2020/12/14 1:29 p.m., 2 views

SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M"...

AI score: 5.8
Exploits: 0