OESA-2022-1657 freerdp security update
FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp. Security Fixes: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0,...
new packages: perl-File-Path
An update is available for perl-File-Path. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
Django Directory Traversal via ssi template tag
Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag...
CVE-2022-29588
Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files...
User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal
The plugin does not validate the filepath parameter of its umshowuploadedfile AJAX action, which could allow low privileged users such as subscribers to enumerate the local files on the web server via path traversal payloads. As a subscriber, submit a dummy image on a page/post with a File Upload...
CVE-2022-30387
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggersmerch/classes/Master.php?f=payorder...
CVE-2022-30370
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=deletecargotype...
GHSA-X646-M7X2-GCP7 Path Traversal in Jenkins
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection...
Merchandise Online Store SQL Injection Vulnerability
Merchandise Online Store is a merchandise online store system. Merchandise Online Store has a security vulnerability that can be exploited by attackers via SQL injection through /vloggersmerch/classes/Master.php?f=deletecategory...
CVE-2022-29986
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=deletefacility...
CVE-2022-24877 Improper path handling in kustomization files allows path traversal
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...
Path Traversal
flux2 and kustomize-controller are vulnerable to path traversal. Kustomization file paths are not sanitized, allowing an attacker to use built-in features to send a malicious kustomization.yaml to expose sensitive data...
Path traversal
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic...
CVE-2022-28784
CVE-2022-28784 describes a path traversal vulnerability in Samsung Galaxy Themes prior to SMR May-2022 Release 1. The issue stems from incorrect file path validation logic, allowing a system user to list file names in arbitrary directories. Affected component: Galaxy Themes (on Samsung devices) w...
Fortinet FortiClient Security Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient...
CVE-2022-27982
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guestauth/cfg/upLoadCfg.php...
CVE-2022-28114
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php...
CVE-2022-28058
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\filecontroller.php...
PT-2022-5522 · Freerdp +6
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.7.0. Description: The issue is related to the authentication procedure in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). Server-side authentication against a SAM file might be successful for...