GHSA-C9PW-F4WP-22JR SUKOHI Surpass Path Traversal vulnerability

A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 can address this issue. The name of the pat...

Path traversal

A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The patch is named 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix th...

Path traversal

A vulnerability classified as critical has been found in YunoHost-Apps transmissionynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The patch is identified as f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to...

CVE-2022-1101

A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /royalevent/userregister.php. The manipulation leads to improper authentication. The attack may be initiated remotely. The identifi...

Cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royalevent/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. ...

Sql injection

A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able ...

Cross site scripting

A vulnerability was found in ritterim definely. It has been classified as problematic. Affected is an unknown function of the file src/database.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is...

CVE-2015-10014 arekk uke finder.rb sql injection

A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of the file lib/uke/finder.rb. The manipulation leads to sql injection. The identifier of the patch is 52fd3b2d0bc16227ef57b7b98a3658bb67c1833f. It is recommended to apply a patch to fix this issue. T...

CVE-2018-25064

A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The patch is named...

CVE-2021-4300

A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched...

CVE-2022-44036

In b2evolution 7.2.5, if configured with adminscanmanipulatesensitivefiles, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to...

GHSA-6M7C-45FF-3328 FrameworkUserBundle Generates Error Message Containing Sensitive Information

A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to...

Command injection

A vulnerability was found in Exciting Printer and classified as critical. This issue affects some unknown processing of the file lib/printer/jobs/preparepage.rb of the component Argument Handler. The manipulation of the argument URL leads to command injection. The patch is named...

CVE-2017-20158 vova07 Yii2 FileAPI Widget UploadAction.php run cross site scripting

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The...

yii2 跨站脚本漏洞

Yii is a component-based, high-performance PHP framework for developing large-scale Web applications developed by the YII team. A cross-site scripting vulnerability exists in version 0.1.8 and earlier versions of yii2, which stems from incorrect manipulation of the parameter file resulting in...

CVE-2021-4293

UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic has been found in gnuboard youngcart5 up to 5.4.5.1. Affected is an unknown function of the file adm/menulistupdate.php. The manipulation of the argument melink leads to cross site scripting. It is possible to launch the attack...

GHSA-RMJ9-Q58G-9QGG go-unzip vulnerable to Path Traversal

Due to improper path santization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

Cloud Foundry Archiver vulnerable to path traversal

Due to improper path santization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

Cloud Foundry Archiver vulnerable to path traversal

Due to improper path santization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

CVE-2021-4292

A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp of the component Manage Privilege Page. The manipulation leads to cross site...