575 matches found
Path traversal
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files; bad actors could use that to access other users' sensitive files...
Oracle ZFS Storage Appliance Input Validation Error Vulnerability
Oracle ZFS Storage Appliance is a storage appliance that supports flash memory, petabyte file storage and built-in Oracle database from Oracle USA. A security vulnerability exists in Oracle ZFS Storage Appliance Kit version 8.8, which stems from a vulnerability that allows an elevated-privilege...
Linktree: No validation to Image upload user can upload ( php APK zip files and can be used as storage purpose)
No validation to Image upload user can upload...
[SECURITY] Fedora 35 Update: subversion-1.14.2-5.fc35
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...
Fedora: Security Advisory for git-lfs (FEDORA-2022-ba365d3703)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: git-lfs-3.1.2-4.fc36
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...
django-s3file Path Traversal Vulnerability
django-s3file is a lightweight file upload input for Django and Amazon S3. A path traversal vulnerability exists in django-s3file versions prior to 5.5.1, which stems from the fact that django-s3file can traverse the entire AWS S3 storage bucket and in most cases access or delete files...
Mattermost Server is vulnerable to Path Traversal when files are stored locally
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file...
Mattermost Server does not prevent System Admin from arbitrary file creation
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files...
GHSA-HJQH-J6RJ-GH8Q Mattermost Server is vulnerable to Path Traversal when files are stored locally
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file...
GHSA-8QG8-C7MW-6FJ7 Mattermost Server is vulnerable to Directory Traversal by System Admins
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal...
Magento Unrestricted file upload vulnerability
An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform an uploaded JPEG file into a PHP file...
CVE-2022-24823
Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used, local information disclosure can occur via the local syst...
The vulnerability of the software for interacting with servers via CURL is related to deficiencies in the algorithm for calculating the checksum. This allows a hacker to compromise the integrity of the data.
The vulnerability of the software for interacting with servers via CURL is related to the storage of dangerous files. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...
CVE-2021-36290
Dell VNX2 for File versions 8.1.21.266 and earlier contain a privilege escalation vulnerability. A local malicious admin may potentially exploit this vulnerability and gain privileges...
ROS-20220322-01
Vulnerability in the Mozilla Thunderbird email client, related to a use-after-free memory error when processing HTML content. Exploitation of the vulnerability could allow a remote attacker to trigger the use-after-free by forcing text to be recomposed in an SVG object and executi...
ROS-20220314-01
Vulnerability in the Mozilla Firefox browser, related to a logic error in iframe processing. Exploitation of the vulnerability could allow an attacker acting remotely, who has the ability to control the contents of an isolated iframe program environment with allow-popups, but not allow-scripts, could...
How to Use OneDrive for Office 365 on Desktop
By Owais Sultan. OneDrive is used to help organizations store files and documents. Learn how to use OneDrive for Office 365… This is a post from HackRead.com. Read the original post: How to Use OneDrive for Office 365 on Desktop...
Siemens COMOS Web Component Path Traversal Vulnerability
COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, storage, and distribution of information throughout the plant lifecycle. A path traversal vulnerability exists in the Siemens COMOS Web component, which could be...
CVE-2021-37196
A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions = V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS unpacks specially crafted archi...