Design/Logic Flaw

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfull...

CVE-2021-27471

The CVE-2021-27471 vulnerability affects Rockwell Automation Connected Components Workbench (CCW) v12.00.00 and earlier, arising from a parsing mechanism that does not sanitize file-path inputs, enabling path traversal when opening crafted files. This could allow an attacker to overwrite existing...

Exploit for CVE-2021-21983

CVE-2021-21975 VMware vRealize Operations vROps Manager API...

Denial Of Service (DoS)

nicotine-plus is vulnerable to denial of service. The fileisshared function of shares.py does not properly handle invalid file paths in the file download requests, allowing an attacker to crash the application by providing null characters to the file path...

Nicotine+ DoS on Null Character in Download Request

Denial of service DoS vulnerability in Nicotine+ starting with version 3.0.3 and prior to version 3.2.1 allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character...

CVE-2021-45848

Denial of service DoS vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character...

Design/Logic Flaw

Denial of service DoS vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character...

CVE-2022-27201

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

CVE-2022-27201

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

Server side request forgery (ssrf)

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

CVE-2022-27201

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

PT-2022-12436 · Nicotine+ · Nicotine+

Name of the Vulnerable Software and Affected Versions: Nicotine+ versions 3.0.3 through 3.2.0 Description: A denial of service DoS issue exists, allowing a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. This...

CVE-2021-45848

Denial of service DoS vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character...

Jenkins Plugin Semantic Versioning 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An access control error vulnerability exis...

Insurance Management System v1.0 SQL injection Vulnerability

Title: Insurance Management System v1.0 SQLi Author: nu11secur1ty Vendor: https://itsourcecode.com/free-projects/php-project/php-projects-source-code-free-downloads/ Software: https://itsourcecode.com/free-projects/php-project/insurance-management-system-project-in-php-free-download/ Reference:...

PT-2022-09: Insufficient validation of file paths and Path Traversal in Veeam Backup & Replication

The vulnerability was identified in Veeam Backup & Replication versions 9.5, 10, 11. The discovered vulnerability allows an attaker to perform an NTLM-relay attack on behalf of the account under which the service is running, uploading arbitrary files from arbitrary paths to the VBR server,...

Double Free

Overview Affected versions of this package are vulnerable to Double Free via the component sixelchunkdestroy at /root/libsixel/src/chunk.c. Remediation There is no fixed version for libsixel. References - GitHub Issue...

Matrimony 1.0 SQL Injection

Title: Matrimony 1.0 SQLi Author: nu11secur1ty Date: 03.05.2022 Vendor: https://www.vetbossel.in/matrimony-project-php/ Software: https://cutt.ly/LOHzKd0, https://www.vetbossel.in/matrimony-project-php/ Reference:...

Air Cargo Management System 1.0 SQL Injection

Title: Air Cargo Management System v1.0 remote SQL-Injections Author: nu11secur1ty Date: 02.18.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.html CVE - Air Cargo Management Systemv1....

GitHub Security Lab: [Java]: CWE-073 - File path injection with the JFinal framework

This bug was reported directly to GitHub Security Lab...