996 matches found
Arobas Music Guitar Pro Cross-Site Scripting Vulnerability
Arobas Music Guitar Pro is a multi-track guitar, bass and sheet music editor from the French company Arobas Music. A cross-site scripting vulnerability exists in Arobas Music Guitar Pro versions prior to v1.10.2; it originates from an attacker being able to insert a carefully crafted payload int...
PT-2022-27503 · Jenkins · Jenkins Associated Files Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Associated Files Plugin versions 0.2.1 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the plugin does not properly escape the names of associated files. Attackers...
Amazon Linux 2 : rsync (ALAS-2022-1873)
The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1873 advisory. A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can cop...
Amazon Linux 2022 : xz, xz-devel, xz-libs (ALAS2022-2022-187)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-187 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's...
Advantech R-SeeNet Buffer Error Vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet 2.4.17 and previous versions are vulnerable to a stack buffer overflow vulnerabilit...
PEAR Archive Tar Insecure Deserialization Code Execution (CVE-2020-28948)
An insecure deserialization vulnerability exists in the PEAR ArchiveTar module. The vulnerability is due to improper validation of file names inside TAR files. A remote attacker can exploit this vulnerability by sending malicious TAR files to the applications which are using PEAR ArchiveTar modul...
EulerOS 2.0 SP8 : rsync (EulerOS-SA-2022-2479)
According to the versions of the rsync packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting...
CVE-2022-36075 File list exposure in Nextcloud Files Access Control
Nextcloud Files Access Control is a Nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgrade...
Nextcloud Information Disclosure Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud Files Access Control, which stems from a user being able to see the names of files with...
GLSA-202209-01 : GNU Gzip, XZ Utils: Arbitrary file write
The remote host is affected by the vulnerability described in GLSA-202209-01 (GNU Gzip, XZ Utils: Arbitrary file write) - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can...
CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
CVE-2022-36749
RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file...
Security Vulnerability in Some Siemens Products
SIMATIC PC Station is a software component that manages SIMATIC software products and interfaces on a PC. SIMATIC S7-400 controllers are designed for discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries around the world. A...
Directory Traversal
rsync is vulnerable to Directory Traversal. The vulnerability exists due to a lack of validation of the file names allowed, allowing a malicious rsync server or man-in-the-middle attacker to overwrite arbitrary files in the rsync client target directory and subdirectories...
CVE-2022-29154
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...
django: Potential directory-traversal via Storage.save()
A directory-traversal flaw was found in Django's Storage.save method, where a network attacker could possibly traverse restricted paths using suitably crafted file names...
Heap Buffer Overflow
GPAC is vulnerable to Denial of Service. The vulnerability exists due to a heap buffer overflow when importing file names over 255 characters...