3164 matches found

CVE
added 2023/01/24 12:0 a.m. · 65 views

CVE-2023-24449

CVE-2023-24449 refers to the PWauth Security Realm Plugin for Jenkins (version 0.4 and earlier). The issue is a path traversal-like flaw where file-name restrictions are not applied in form-validation code, enabling attackers with Overall/Read permission to check for the existence of an attacker-...

4.3 CVSS · 4.4 AI score · 0.00661 EPSS
Exploits 0 · References 1 · Affected Software 1
NVD
added 2023/01/17 5:15 p.m. · 11 views

CVE-2022-2893

RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files...

8.2 CVSS · 8.2 AI score · 0.00283 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/01/17 4:19 p.m. · 6 views

CVE-2022-2893

RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files...

8.2 CVSS · 7.1 AI score · 0.00283 EPSS
Exploits 0 · References 1
Packet Storm
added 2023/01/12 12:0 a.m. · 198 views

Gold Filled CRM 2.0 Arbitrary File Upload

Title: Gold Filled CRM v 2.0 Remote File Upload vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...

0.6 AI score
Exploits 0
Citrix
added 2023/01/10 12:0 a.m. · 7 views

Citrix Workspace App fails to open ICA file automatically

CWA configuration manager fails to open ICA file automatically with the error message: "ICA Client Configuration Manager: Could not find the file names C:\Users\..\launch.ica. Please check your installation, or contact your administrator."...

7 AI score
Exploits 0
OSV
added 2023/01/04 6:15 p.m. · 1 views

DEBIAN-CVE-2022-46457

NASM v2.16 was discovered to contain a segmentation violation in the component ieeewritefile at /output/outieee.c...

5.5 CVSS · 5.5 AI score · 0.00126 EPSS
Exploits 1 · References 1
NVD
added 2023/01/03 3:15 a.m. · 18 views

CVE-2022-46306

ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files...

8.8 CVSS · 8.8 AI score · 0.02789 EPSS
Exploits 0 · References 1
Prion
added 2023/01/03 3:15 a.m. · 9 views

Path traversal

ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files...

4.4 CVSS · 7.7 AI score · 0.02789 EPSS
Exploits 0 · References 1
CVE
added 2023/01/03 12:0 a.m. · 44 views

CVE-2022-46306

CVE-2022-46306 affects ChangingTec ServiSign. The vulnerability is a path traversal caused by insufficient filtering of special characters in the DLL file path, enabling an unauthenticated attacker to host a malicious website that causes the component to load arbitrary DLL files, potentially enab...

8.8 CVSS · 7.9 AI score · 0.02789 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/12/29 12:0 a.m. · 2 views

PT-2022-11755 · W3C · W3C Unicorn

Name of the Vulnerable Software and Affected Versions: w3c Unicorn (affected versions not specified). Description: A problematic issue has been found in w3c Unicorn, affecting the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of t...

6.1 CVSS · 4.3 AI score · 0.00274 EPSS
Exploits 0 · References 9
GitLab Advisory Database
added 2022/12/28 12:0 a.m. · 22 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

9.1 CVSS · 4 AI score · 0.00594 EPSS
Exploits 0 · References 5 · Affected Software 1
CNNVD
added 2022/12/26 12:0 a.m. · 4 views

WordPress Plugin php-mod/curl Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

6.1 CVSS · 6.2 AI score · 0.01803 EPSS
Exploits 2 · References 3
Positive Technologies
added 2022/12/26 12:0 a.m. · 4 views

PT-2022-9951 · Unknown · Php-Mod/Curl

Name of the Vulnerable Software and Affected Versions: php-mod/curl versions prior to 2.3.2. Description: The issue allows for XSS attacks via the post file path upload.php key parameter and the POST data to post multidimensional.php. This can potentially lead to malicious script execution. No...

6.1 CVSS · 6 AI score · 0.01803 EPSS
Exploits 2 · References 8
NVD
added 2022/12/21 9:15 a.m. · 12 views

CVE-2022-46662

Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and...

6.7 CVSS · 0.00072 EPSS
Exploits 0 · References 2
Prion
added 2022/12/21 9:15 a.m. · 13 views

Design/Logic Flaw

Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and...

4 CVSS · 6.5 AI score · 0.00072 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/12/21 12:0 a.m. · 59 views

CVE-2022-46662

CVE-2022-46662 affects Roxio Creator LJB (Corel) with versions 12.2 build numbers 106B62B, 106B63A, 106B69A, 106B71A, 106B74A. A root cause is an unquoted Windows service path, so if a malicious executable is placed on the path, it may be run with the privileges of the Windows service. Documented...

6.7 CVSS · 6.5 AI score · 0.00072 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/12/21 12:0 a.m. · 13 views

CVE-2022-46662

Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and...

6.8 AI score · 0.00072 EPSS
Exploits 0 · References 2
Vulnrichment
added 2022/12/21 12:0 a.m. · 6 views

CVE-2022-46662

Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and...

6.8 AI score · 0.00072 EPSS
Exploits 0 · References 2
Packet Storm
added 2022/12/21 12:0 a.m. · 215 views

Senayan Library Management System 9.2.2 SQL Injection

Title: Senayan Library Management System v9.2.2 a.k.a SLIMS 9 Multiple SQLi-Not sanitizing correctly cookie session. | Author: nu11secur1ty | Date: 12.20.2022 | Vendor: https://slims.web.id/web/ | Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.2 | Reference:...

0.3 AI score
Exploits 0
OSV
added 2022/12/15 7:15 p.m. · 4 views

CVE-2022-32833

An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history...

5.3 CVSS · 5.5 AI score
Exploits 0 · References 3