1271 matches found
Design/Logic Flaw
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
CVE-2022-4063 InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
WordPress plugin InPost Gallery 路径遍历漏洞
WordPress and others are products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language.WordPress plugin is an application plugin.PHP and others are products of.PHP is a scripting language that executes on the server side. A path traversal...
InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
The plugin insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. PoC Invoke the following shell commands to disclose the /etc/passwd file: Define the payload "pagepath"...
PT-2022-26120 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier TensorFlow versions 2.8.4 and earlier Description: TensorFlow is an open source platform for machine learning. If a list of quantiz...
CVE-2022-41889
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors...
python-django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments
A flaw was found in Django. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value...
libtiff: heap buffer overflow in extractImageSection
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...
libtiff: heap buffer overflow in extractImageSection
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...
LibTIFF 缓冲区错误漏洞
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for processing TIFF files.LibTIFF suffers from a buffer overflow vulnerability that originates in TIFFmemcpy in libtiff/tifunix.c:346, which has an out-of-bounds...
The vulnerability of the extract and extractall functions in the tarfile module of the Python interpreter allows a hacker to execute arbitrary code.
The vulnerability of the extract and extractall functions in the tarfile module of the Python interpreter is related to incorrect pathname restrictions for restricted access directories. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.
Impact Arbitrary shell execution is possible when using RPM::Filefiles and RPM::Fileextract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches Version 0.0.12 ...
CVE-2022-3212
::fromrequest would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large or infinite body your server might run out of memory and crash. This also applies to these extractors which used Bytes::fromrequest internally:...
CVE-2022-39135
Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity XXE attack. Therefore any client exposing these operators,...
Apache Calcite 代码问题漏洞
Apache Calcite is an open source framework from the Apache USA Foundation for building databases and data management systems. A code issue vulnerability exists in Apache Calcite versions prior to 1.32.0 that stems from the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM, and EXTRACTVALUE not...
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 48d6ece8.
...
The vulnerability of the extractImageSection() function in the tools/tiffcrop.c component of the LibTIFF library allows a hacker to induce a service failure.
The vulnerability of the extractImageSection function in the tools/tiffcrop.c component of the LibTIFF library is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure using a specially crafted file...
CVE-2022-2953
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8...
Exploit for SQL Injection in Djangoproject Django
CVE-2022-34265 PoC for CVE-2022-34265 --- Description...
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.
...