
1015 matches found

Cvelist
added 2023/06/19 12:00 a.m., 16 views

CVE-2023-35844

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used...

AI score 7.8, EPSS 0.9204
Exploits 2, References 4
Veracode
added 2023/06/01 12:06 p.m., 21 views

Remote Code Execution (RCE)

craftcms/cms is vulnerable to Remote Code Execution RCE. The vulnerability exists due to a lack of file extension validation in the resolveTemplate function when the name parameter is empty, which allows an admin authenticated attacker to upload and execute malicious code on the system...

CVSS 7.2, AI score 7.7, EPSS 0.06429
Exploits 1, References 2, Affected Software 1
Github Security Blog
added 2023/05/31 11:39 p.m., 25 views

Phishing attack vulnerability by uploading malicious HTML file

Impact: Phishing attack vulnerability by uploading malicious files. A malicious user could upload an HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the uploaded HTML could be shared for...

CVSS 6.5, AI score 6.5, EPSS 0.0039
Exploits 0, References 5, Affected Software 1
NVD
added 2023/05/30 6:15 p.m., 9 views

CVE-2023-32689

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...

CVSS 6.5, AI score 6.2, EPSS 0.0039
Exploits 0, References 3
Github Security Blog
added 2023/05/22 8:36 p.m., 32 views

Craft CMS vulnerable to Remote Code Execution via unrestricted file extension

Summary: An unrestricted file extension leads to a potential Remote Code Execution (authenticated, ALLOWADMINCHANGES=true). Details: Vulnerability cause: If the name parameter value is not the empty string '' in View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal - resolveTemplate...

CVSS 7.2, AI score 8.1, EPSS 0.06429
Exploits 1, References 4, Affected Software 1
OSV
added 2023/05/22 8:36 p.m., 31 views

GHSA-VQXF-R9PH-CC9C Craft CMS vulnerable to Remote Code Execution via unrestricted file extension

Summary: An unrestricted file extension leads to a potential Remote Code Execution (authenticated, ALLOWADMINCHANGES=true). Details: Vulnerability cause: If the name parameter value is not the empty string '' in View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal - resolveTemplate...

CVSS 7.2, AI score 7.5, EPSS 0.06429
Exploits 1, References 4
NVD
added 2023/05/19 8:15 p.m., 12 views

CVE-2023-32679

Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not the empty string '' in View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal -...

CVSS 7.2, AI score 7.5, EPSS 0.06429
Exploits 1, References 1
Prion
added 2023/05/19 8:15 p.m., 15 views

Design/Logic Flaw

Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not the empty string '' in View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal -...

CVSS 5.8, AI score 7.5, EPSS 0.06429
Exploits 1, References 1, Affected Software 1
Vulnrichment
added 2023/05/19 7:40 p.m., 8 views

CVE-2023-32679 Remote Code Execution via unrestricted file extension in Craft CMS

Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not the empty string '' in View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal -...

CVSS 7.2, AI score 7.5, EPSS 0.06429
Exploits 1, References 1
OSV
added 2023/05/19 7:40 p.m., 23 views

CVE-2023-32679 Remote Code Execution via unrestricted file extension in Craft CMS

Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not the empty string '' in View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal -...

CVSS 7.2, AI score 7.5, EPSS 0.06429
Exploits 1, References 3
Cvelist
added 2023/05/19 7:40 p.m., 13 views

CVE-2023-32679 Remote Code Execution via unrestricted file extension in Craft CMS

Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not the empty string '' in View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal -...

CVSS 7.2, AI score 7.8, EPSS 0.06429
Exploits 1, References 1
Positive Technologies
added 2023/05/19 12:00 a.m., 3 views

PT-2023-23955 · Craft Cms · Craft Cms

Name of the Vulnerable Software and Affected Versions: Craft CMS versions prior to 4.4.6. Description: The issue is related to an unrestricted file extension that may lead to Remote Code Execution. In View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal - resolveTemplate...

CVSS 7.2, AI score 7.3, EPSS 0.06429
Exploits 1, References 10
Tenable Nessus
added 2023/05/08 12:00 a.m., 41 views

EulerOS 2.0 SP11 : libXpm (EulerOS-SA-2023-1762)

According to the versions of the libXpm package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in libXpm. When processing a file with a width of 0 and a very large height, some parser functions will be called repeatedly and c...

CVSS 8.8, AI score 6.8, EPSS 0.00184
Exploits 2, References 4
OpenVAS
added 2023/04/21 12:00 a.m., 34 views

Fedora: Security Advisory for golang-github-gabriel-vasile-mimetype (FEDORA-2023-cb20f08a4e)

The remote host is missing an update for the golang-github-gabriel-vasile-mimetype package. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 8.1, EPSS 0.00264
Exploits 0, References 2
Fedora
added 2023/04/20 2:54 a.m., 39 views

[SECURITY] Fedora 37 Update: golang-github-gabriel-vasile-mimetype-1.4.2-1.fc37

A fast Golang library for media type and file extension detection, based on magic numbers...

CVSS 7.5, AI score 7.8, EPSS 0.00264
Exploits 0
Tenable Nessus
added 2023/04/13 12:00 a.m., 24 views

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2023-102-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.10.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-102-01 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and...

CVSS 9.8, AI score 7.9, EPSS 0.00569
Exploits 0, References 14
RedhatCVE
added 2023/04/12 6:31 a.m., 30 views

CVE-2023-29542

The Mozilla Foundation Security Advisory describes this flaw as: A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. This bu...

CVSS 6.1, AI score 6, EPSS 0.00134
Exploits 0, References 4
0day.today
added 2023/04/05 12:00 a.m., 217 views

projectSend r1605 - Remote Code Execution Vulnerability

Exploit Title: projectSend r1605 - Remote Code Execution (RCE). Application: projectSend. Version: r1605. Bugs: RCE via file extension manipulation. Technology: PHP. Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date found: 26-01-2023. Author: Mirabbas Ağalarov...

AI score 6.8
Exploits 0
Packet Storm
added 2023/04/05 12:00 a.m., 222 views

projectSend r1605 Remote Code Execution

Exploit Title: projectSend r1605 - Remote Code Execution (RCE). Application: projectSend. Version: r1605. Bugs: RCE via file extension manipulation. Technology: PHP. Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date found: 26-01-2023. Author: Mirabbas Ağalarov...

AI score 6.8
Exploits 0
Exploit DB
added 2023/04/05 12:00 a.m., 193 views

projectSend r1605 - Remote Code Execution (RCE)

Exploit Title: projectSend r1605 - Remote Code Execution (RCE). Application: projectSend. Version: r1605. Bugs: RCE via file extension manipulation. Technology: PHP. Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date found: 26-01-2023. Author: Mirabbas Ağalarov...

AI score 7.4
Exploits 0