
3164 matches found

NVD
added 2023/05/16 6:15 p.m. · 13 views

CVE-2023-2196

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

CVSS 4.3 · AI score 4.5 · EPSS 0.0051
Exploits: 0 · References: 1

OSV
added 2023/05/16 6:15 p.m. · 1 view

CVE-2023-2196

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

CVSS 4.3 · AI score 5.8
Exploits: 0 · References: 1

Vulnrichment
added 2023/05/16 5:46 p.m. · 6 views

CVE-2023-2196 Missing permission checks in Code Dx Plugin

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

CVSS 4.3 · AI score 4.6 · EPSS 0.0051
Exploits: 0 · References: 1

AlpineLinux
added 2023/05/16 5:46 p.m. · 17 views

CVE-2023-2196

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

CVSS 4.3 · AI score 6.9 · EPSS 0.0051
Exploits: 0 · References: 1

Prion
added 2023/05/16 4:15 p.m. · 16 views

Design/Logic Flaw

Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4 · AI score 4.4 · EPSS 0.01358
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/05/16 4:00 p.m. · 54 views

CVE-2023-32985

The CVE-2023-32985 issue affects the Jenkins Sidebar Link Plugin (version 2.2.1 and earlier). It allows path traversal by not properly restricting the path of files during a form-validation operation, enabling attackers with Overall/Read permission to check whether an attacker-specified file path...

CVSS 4.3 · AI score 4.3 · EPSS 0.01358
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/05/16 4:00 p.m. · 7 views

CVE-2023-32985

Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

AI score 6.9 · EPSS 0.01358
Exploits: 0 · References: 1

Positive Technologies
added 2023/05/16 12:00 a.m. · 2 views

PT-2023-24118 · Jenkins · Jenkins Sidebar Link Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Sidebar Link Plugin versions 2.2.1 and earlier Description: The issue allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. This is due to th...

CVSS 4.3 · AI score 4.3 · EPSS 0.01358
Exploits: 0 · References: 5

Positive Technologies
added 2023/05/14 12:00 a.m. · 1 view

PT-2023-20842 · Sourcecodester · Sourcecodester Personnel Property Equipment System

Name of the Vulnerable Software and Affected Versions: SourceCodester Personnel Property Equipment System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Personnel Property Equipment System. The issue affects an unknown function of the file admin/add item.php,...

CVSS 5.4 · AI score 4.3 · EPSS 0.00269
Exploits: 1 · References: 6

OSV
added 2023/05/11 8:15 a.m. · 1 view

CVE-2023-2648

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

CVSS 9.8 · AI score 6.2 · EPSS 0.92754
Exploits: 3 · References: 3

CNNVD
added 2023/05/11 12:00 a.m. · 6 views

Weaver E-Office Code Issue Vulnerability

Weaver E-Office is a collaborative office system from China's Panavision Technologies Weaver. A code issue vulnerability exists in Weaver E-Office version 9.5, which stems from a problem with the file /inc/jquery/uploadify/uploadify.php, where manipulation of the parameter Filedata can result in...

CVSS 9.8 · AI score 6.9 · EPSS 0.92754
Exploits: 3 · References: 4

Positive Technologies
added 2023/05/11 12:00 a.m. · 3 views

PT-2023-20699 · Sourcecodester · Sourcecodester Lost/Found Information System

Name of the Vulnerable Software and Affected Versions: SourceCodester Lost and Found Information System version 1.0 Description: A critical issue has been discovered, affecting an unknown function of the file /classes/Master.php?f=delete item. This issue leads to sql injection and can be exploite...

CVSS 9.8 · AI score 6.7 · EPSS 0.00297
Exploits: 1 · References: 5

Snyk
added 2023/05/09 2:28 p.m. · 1 view

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via the error function at /nasm/nasm-pp.c. Remediation There is no fixed version for yasm. References - GitHub Issue - PoC Credit: randomssr...

CVSS 8.8 · AI score 7 · EPSS 0.00049
Exploits: 1 · References: 2

OSV
added 2023/05/09 1:15 p.m. · 4 views

AZL-35380 CVE-2023-31972 affecting package yasm 1.3.0-17

yasm v1.3.0 was discovered to contain a use after free via the function ppgetline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...

CVSS 5.5 · AI score 6.1 · EPSS 0.00049
Exploits: 1 · References: 1

Prion
added 2023/05/05 8:15 p.m. · 10 views

Xxe

External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0...

CVSS 5.8 · AI score 7 · EPSS 0.01916
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/05/05 12:00 a.m. · 2 views

PT-2023-20148 · Bumsys · Bumsys

Name of the Vulnerable Software and Affected Versions: bumsys versions prior to 2.2.0 Description: The issue concerns external control of file name or path in the GitHub repository unilogies/bumsys. Recommendations: For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issu...

CVSS 7.2 · AI score 7 · EPSS 0.01916
Exploits: 1 · References: 5

Positive Technologies
added 2023/05/04 12:00 a.m. · 2 views

PT-2023-19999 · Unknown · Control Id Rhid

Name of the Vulnerable Software and Affected Versions: Control iD RHiD version 23.3.19.0 Description: A critical vulnerability has been found in Control iD RHiD, affecting an unknown part of the file /v2//. The manipulation leads to direct request and can be initiated remotely. The vendor was...

CVSS 9.8 · AI score 6.6 · EPSS 0.00284
Exploits: 0 · References: 5

Packet Storm
added 2023/05/03 12:00 a.m. · 316 views

SoftExpert Suite 2.1.3 Local File Inclusion

Exploit Title: SoftExpert SE Suite v2.1.3 - Local File Inclusion Date: 27-04-2023 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.softexpert.com/ Version: 2.0 target=$1 u=$2 p=$3 file=$echo -n "$4"|base64 -w 0 end="\0330m\e0m" red="\e0;31m\0331m" blue="\e0;34m\0331m" echo ...

AI score 6.9 · EPSS 0.02583
Exploits: 5

OSV
added 2023/04/29 8:15 a.m. · 2 views

CVE-2023-2424

A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the publi...

CVSS 8.8 · AI score 6.3 · EPSS 0.00549
Exploits: 1 · References: 3

Positive Technologies
added 2023/04/29 12:00 a.m. · 4 views

PT-2023-19474 · Mlecms · Mlecms

Name of the Vulnerable Software and Affected Versions: MLECMS version 3.0 Description: A critical issue affects the get url function in the library /upload/inc/lib/admin of the file uploadincincludecommon.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to SQL injection. The...

CVSS 9.8 · AI score 7.5 · EPSS 0.00291
Exploits: 1 · References: 5