2495 matches found

Positive Technologies
added 2022/10/11 12:0 a.m. · 3 views

PT-2022-22187 · Sourcecodester · Sourcecodester Book Store Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Book Store Management System version 1.0
Description: A vulnerability was found in the SourceCodester Book Store Management System. It affects the file /category.php, where the manipulation of the category name argument leads t...

5.4 CVSS · 5.1 AI score · 0.00389 EPSS
Exploits: 0 · References: 2
HackRead
added 2022/10/06 9:27 a.m. · 19 views

Iranian Hackers Spreading RatMilad Android Spyware Disguised as VPN App

By Waqas. RatMilad can perform a wide range of malicious actions including file manipulation, audio recording, and application permission modification.

3.9 AI score
Exploits: 0
IBM Security Bulletins
added 2022/09/25 10:31 p.m. · 29 views

Security Bulletin: IBM DB2 Security Vulnerability in the UTL_FILE module (CVE-2012-3324).

Abstract: Vulnerability in IBM DB2 could allow an authenticated user, without proper authorization, to view, modify and delete any file.
Content: VULNERABILITY DETAILS
CVE ID: CVE-2012-3324
DESCRIPTION: The IBM DB2 products listed below contain a security vulnerability that could allow an...

9 CVSS · 8.8 AI score · 0.03565 EPSS
Exploits: 0 · Affected Software: 2
Positive Technologies
added 2022/09/01 12:0 a.m. · 10 views

PT-2022-4598 · Huawei · Huawei Headset

Name of the Vulnerable Software and Affected Versions: Huawei headset products affected versions not specified
Description: The issue concerns an out-of-bounds read and write vulnerability. An attacker, with physical access to the device, can craft a malformed message with a specific parameter an...

6.1 CVSS · 6.1 AI score · 0.00254 EPSS
Exploits: 0 · References: 4
NVD
added 2022/08/31 4:15 p.m. · 25 views

CVE-2022-1325

A flaw was found in CImg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer...

5.5 CVSS · 0.00397 EPSS
Exploits: 1 · References: 6
OSV
added 2022/08/31 4:15 p.m. · 15 views

CVE-2022-1325

A flaw was found in CImg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer...

5.5 CVSS · 6.8 AI score · 0.00397 EPSS
Exploits: 1 · References: 6
Debian CVE
added 2022/08/31 3:33 p.m. · 25 views

CVE-2022-1325

A flaw was found in CImg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer...

5.5 CVSS · 5.4 AI score · 0.00397 EPSS
Exploits: 1
UbuntuCve
added 2022/08/23 4:15 p.m. · 33 views

CVE-2021-3701

A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate use...

6.6 CVSS · 6.8 AI score · 0.00264 EPSS
Exploits: 0 · References: 3
Cvelist
added 2022/08/12 9:25 a.m. · 10 views

CVE-2022-2779 SourceCodester Gas Agency Management System oneWord.php unrestricted upload

A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file /gasmark/assets/myimages/oneWord.php. The manipulation of the argument shell leads to unrestricted upload. The attack can be...

6.3 CVSS · 9.8 AI score · 0.00722 EPSS
Exploits: 1 · References: 2
ICS
added 2022/08/11 12:0 a.m. · 49 views

Emerson ROC800, ROC800L and DL8000

1. EXECUTIVE SUMMARY
CVSS v3 6.3
ATTENTION: High attack complexity
Vendor: Emerson
Equipment: ROC800, ROC800L and DL8000
Vulnerability: Insufficient Verification of Data Authenticity
CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational...

9.8 CVSS · 9.8 AI score · 0.0042 EPSS
Exploits: 0 · References: 5
ICS
added 2022/08/09 12:0 a.m. · 93 views

Emerson ControlWave

1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Emerson
Equipment: ControlWave
Vulnerabilities: Insufficient Verification of Data Authenticity
CISA is aware of a public report, known as “OT:ICEFALL,” that details vulnerabilities found in multiple...

7.8 CVSS · 8 AI score · 0.00171 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2022/08/09 12:0 a.m. · 4 views

PT-2022-18321 · Sourcecodester · Sourcecodester Employee Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Employee Management System affected versions not specified
Description: A critical issue has been found in the system, affecting an unknown functionality of the file /process/aprocess.php. The manipulation of the mailuid argume...

9.8 CVSS · 9.8 AI score · 0.00741 EPSS
Exploits: 1 · References: 5
NVD
added 2022/08/05 9:15 p.m. · 11 views

CVE-2022-2678

A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file adminfeature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be...

8.8 CVSS · 0.00693 EPSS
Exploits: 1 · References: 2
NVD
added 2022/08/05 9:15 p.m. · 16 views

CVE-2022-2685

A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input alert1 leads to cross site scripting. The attack may be...

6.1 CVSS · 0.00704 EPSS
Exploits: 1 · References: 3
The Hacker News
added 2022/08/04 12:55 p.m. · 209 views

New Woody RAT Malware Being Used to Target Russian Organizations

An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files or Microsoft Office...

9.3 CVSS · 1.2 AI score · 0.99374 EPSS
Exploits: 62
Cvelist
added 2022/08/04 8:41 a.m. · 27 views

CVE-2022-2647 jeecg-boot unrestricted upload

A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...

7.3 CVSS · 9.8 AI score · 0.00664 EPSS
Exploits: 0 · References: 2
Cvelist
added 2022/08/02 2:22 p.m. · 22 views

CVE-2022-29154

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...

7.9 AI score · 0.0165 EPSS
Exploits: 1 · References: 4
Prion
added 2022/08/01 2:15 p.m. · 15 views

Path traversal

File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information...

5.5 CVSS · 5.4 AI score · 0.0051 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OpenVAS
added 2022/07/31 12:0 a.m. · 8 views

Fedora: Security Advisory for golang-github-mrunalp-fileutils (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 · References: 2
Fedora
added 2022/07/30 2:0 a.m. · 16 views

[SECURITY] Fedora 36 Update: golang-github-mrunalp-fileutils-0.5.0-6.fc36

Collection of utilities for file manipulation in Go...

7.4 AI score
Exploits: 0