168 matches found
PT-2025-23761 · WordPress · Filterprovider
Name of the Vulnerable Software and Affected Versions: File Provider versions 1.2.3 and earlier. Description: The issue is related to the lack of a CSRF check when updating settings in the File Provider WordPress plugin. This could allow attackers to make a logged-in admin change the settings via ...
PT-2025-23760 · WordPress · Filterprovider
Name of the Vulnerable Software and Affected Versions: File Provider WordPress plugin versions 1.2.3 and earlier. Description: The issue arises from the File Provider WordPress plugin not properly sanitizing and escaping a parameter before using it in a SQL statement via an AJAX action available t...
WordPress plugin File Provider SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress File Provider plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker...
WordPress plugin File Provider cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress File Provider plugin suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF checks. An attacker could use this vulnerability to all...
CVE-2023-26563
The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On...
CVE-2017-1000104
The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...
CVE-2024-11358 Insecure Android File Provider Paths
Mattermost Android Mobile Apps versions =2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider...
PT-2024-16931 · Mattermost · Mattermost Android Mobile Apps
Name of the Vulnerable Software and Affected Versions: Mattermost Android Mobile Apps versions =2.21.0. Description: The issue arises from a misconfiguration of file providers in the Mattermost Android Mobile Apps, allowing an attacker with local access to access files via the file provider. This...
jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin
A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they're written to the build log...
The vulnerability of the File Provider component in the macOS operating system allows a hacker to trigger a service failure.
The vulnerability of the File Provider component in the macOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
PT-2023-8351 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.7.1, macOS versions prior to 13.6.1, macOS versions prior to 14.1. Description: The issue exists due to insufficient input validation in a component of the macOS operating system, specifically the File Provider. This c...
RESTEasy: creation of insecure temp files
In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user...
CVE-2023-30707
Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Sep-2023 Release 1 prior to version 1, which stems from an incorrect input validation vulnerabili...
CVE-2023-40339
A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they're written to the build log...
Jenkins Config File Provider Plugin improper credential masking vulnerability
Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they’re written to the build log. Config File Provider Plugin 953.v0432a802e4d2 masks credentials configured in configuration files if the...
Jenkins NodeJS Plugin improper credential masking vulnerability
Jenkins NodeJS Plugin integrates with Config File Provider Plugin to specify custom NPM settings, including credentials for authentication, in a Npm config file. NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in...
GHSA-PV2G-VM98-VJXF Jenkins Config File Provider Plugin improper credential masking vulnerability
Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they’re written to the build log. Config File Provider Plugin 953.v0432a802e4d2 masks credentials configured in configuration files if the...