
3164 matches found

Positive Technologies
added 2022/07/27 12:0 a.m. · 2 views

PT-2022-4014 · Jenkins · Jenkins Files Found Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Files Found Trigger Plugin versions 1.5 and earlier Description: The issue is related to insufficient authorization procedures in the plugin. This allows a remote attacker to gain unauthorized access to protected information...

CVSS 4.3 · AI score 4.4 · EPSS 0.00074
Exploits: 0 · References: 7
CNNVD
added 2022/07/27 12:0 a.m. · 1 view

Jenkins Files Found Trigger Plugin security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3 · AI score 5.2 · EPSS 0.00074
Exploits: 0 · References: 5
Positive Technologies
added 2022/07/27 12:0 a.m. · 3 views

PT-2022-4767 · Jenkins · Jenkins Openshift Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier Description: A cross-site request forgery (CSRF) vulnerability allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and...

CVSS 6.5 · AI score 6.6 · EPSS 0.00064
Exploits: 0 · References: 10
Positive Technologies
added 2022/07/27 12:0 a.m. · 3 views

PT-2022-5099 · Jenkins · Jenkins Openshift Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier Description: A missing permission check in the Jenkins OpenShift Deployer Plugin allows attackers with Overall/Read permission to check for the existence of an attacker-specified fi...

CVSS 6.5 · AI score 6.3 · EPSS 0.00315
Exploits: 0 · References: 10
CNNVD
added 2022/07/25 12:0 a.m. · 1 view

WordPress plugin SP Project & Document Manager information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. An information disclosure vulnerability exists in...

CVSS 6.5 · AI score 6.5 · EPSS 0.00439
Exploits: 2 · References: 2
Positive Technologies
added 2022/07/20 12:0 a.m. · 4 views

PT-2022-21982

Name of the Vulnerable Software and Affected Versions: Wavlink WN530HG4 version M30HG4.V5030.191116 Description: A hardcoded encryption/decryption key was found in the configuration files of the affected device, specifically at the /etc ro/lighttpd/www/cgi-bin/ExportAllSettings.sh location. This...

CVSS 9.8 · AI score 6.4 · EPSS 0.42928
Exploits: 1 · References: 5
OSV
added 2022/07/18 3:15 p.m. · 2 views

DEBIAN-CVE-2022-2400

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3 · AI score 7.1 · EPSS 0.00306
Exploits: 1 · References: 1
ATTACKERKB
added 2022/07/18 3:15 p.m. · 3 views

CVE-2022-2400

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3 · AI score 5.9 · EPSS 0.00306
Exploits: 1 · References: 4
ATTACKERKB
added 2022/07/17 11:15 p.m. · 2 views

CVE-2022-31210

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/setparam.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts...

CVSS 9.8 · AI score 7.3 · EPSS 0.00451
Exploits: 1 · References: 2
OSV
added 2022/07/13 9:15 p.m. · 2 views

CVE-2022-34765

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 1
CNNVD
added 2022/07/13 12:0 a.m. · 2 views

Security vulnerability in multiple Schneider Electric products

The Schneider Electric OPC UA Modicon Communication Module and the Schneider Electric X80 advanced RTU Communication Module are both products of the French company Schneider Electric. The Schneider Electric OPC UA Modicon Communication Module is an Ethernet communication module with an embedded O...

CVSS 5.5 · AI score 5.8 · EPSS 0.00274
Exploits: 0 · References: 2
CNVD
added 2022/07/13 12:0 a.m. · 14 views

chainerrl-visualizer path traversal vulnerability

chainerrl-visualizer is Chainer's open source way to visually analyze the behavior of ChainerRL agents to make debugging easier. chainerrl-visualizer suffers from a path traversal vulnerability that stems from a failure of the Flask sendfile function to properly filter the resource or file path f...

CVSS 9.3 · AI score 3.6 · EPSS 0.00432
Exploits: 1 · References: 1
ATTACKERKB
added 2022/07/12 11:0 a.m. · 2 views

CVE-2022-34765

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...

CVSS 5.5 · AI score 5.9 · EPSS 0.00274
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2022/06/29 7:15 p.m. · 1 view

CVE-2022-33060

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deleteschedule...

CVSS 7.2 · AI score 5.8
Exploits: 0 · References: 1
CNNVD
added 2022/06/29 12:0 a.m. · 1 view

Online Railway Reservation System SQL injection vulnerability

Sourcecodester Online Railway Reservation system is a web-based application that provides an online platform for rail or train station passengers or potential passengers to browse their schedules and reserve seats. sourceCodester Online Railway Reservation System v1.0 is vulnerable to a SQL...

CVSS 7.2 · AI score 5.8 · EPSS 0.00274
Exploits: 1 · References: 2
ATTACKERKB
added 2022/06/16 3:15 p.m. · 3 views

CVE-2022-31913

Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=savecategory, name...

CVSS 4.8 · AI score 5.8 · EPSS 0.00235
Exploits: 1 · References: 2
RedhatCVE
added 2022/06/15 4:29 p.m. · 37 views

CVE-2021-37404

A flaw was found in Apache Hadoop. Opening a file path provided by a user without validation may result in a denial of service or arbitrary code execution...

CVSS 9.8 · AI score 2.9 · EPSS 0.01257
Exploits: 0 · References: 3
Positive Technologies
added 2022/06/13 12:0 a.m. · 2 views

PT-2022-10651 · Apache · Apache Hadoop

Name of the Vulnerable Software and Affected Versions: Apache Hadoop versions prior to 2.10.2; Apache Hadoop versions prior to 3.2.3; Apache Hadoop versions prior to 3.3.2. Description: There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. This issue occurs when a file path...

CVSS 9.8 · AI score 9.6 · EPSS 0.01257
Exploits: 0 · References: 8
OSV
added 2022/06/06 5:15 p.m. · 2 views

CVE-2022-31483

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contai...

CVSS 8.8 · AI score 7.6
Exploits: 0 · References: 1
Ubuntu
added 2022/06/06 4:33 p.m. · 92 views

USN-5461-1: FreeRDP vulnerabilities

It was discovered that FreeRDP incorrectly handled empty password values. A remote attacker could use this issue to bypass server authentication. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-24882) It was discovered that FreeRDP incorrectly handled server...

CVSS 9.8 · AI score 8.1 · EPSS 0.01266
Exploits: 1