114 matches found
Design/Logic Flaw
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass...
CVE-2017-6377
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass...
appRain 4.0.3 Path Traversal
Security Advisory - Curesec Research Team 1. Introduction Affected Product: appRain 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: [email protected] Vulnerability Type: Path Traversal Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 12/02/2015 Release...
Pligg CMS 2.0.2 CSRF / Code Execution
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: Code Execution & CSRF Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public: 10/07/201...
FlatCMS <= 1.01 (file_editor.php) Remote Command Execution Exploit
No description provided by source. #!/usr/bin/perl FlatCMS <=1.01 Remote Command Execution Exploit Copyright (c) 2005 cijfer [email protected] All rights reserved. An input validation flaw exists within 'admin/file_editor.php' of FlatCMS which can lead to remote command execution. Here is where the...
Command injection
The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521...
CVE-2012-4095
The CVE-2012-4095 issue affects Cisco UCS Fabric Interconnect’s local file editor. The root cause is improper input filtering in the editor, allowing an authenticated, local attacker to use specific key bindings to read or modify arbitrary files with root privileges. Impact is local privilege esc...
Cisco Unified Computing System Fabric Interconnect Arbitrary File Access Vulnerability
A vulnerability in the local file editor of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to access arbitrary files on the userland filesystem with root privileges. The vulnerability is due to improper input filtering. An attacker could explo...
Foxit Advanced PDF Editor Installed
Foxit Advanced PDF Editor (formerly known as Foxit PDF Editor), a PDF file editor, is installed on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(65613); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/10");...
FlatCMS <= 1.01 (file_editor.php) Remote Command Execution Exploit
Exploit for unknown platform in category web applications. FlatCMS All rights reserved. An input validation flaw exists within 'admin/file_editor.php' of FlatCMS which can lead to remote command execution. Here is where the problem ...
FlatCMS 1.01 - file_editor.php Remote Command Execution
FlatCMS 1.01 - file_editor.php Remote Command Execution #!/usr/bin/perl FlatCMS All rights reserved. An input validation flaw exists within 'admin/file_editor.php' of FlatCMS which can lead to remote command execution. Here is where the problem is line 22 of 97: ... 1 if$savefile != "" 2 $fcontent =...
TYPO3 Security Bulletin
Situations are imaginable where sensitive information gets stored in the fileadmin/temp/ directory. If misconfigured in your web server, this directory can be browsable and therefore expose that information. Component Type: Core Affected Components: File Editor in Install Tool Versions: TYPO3 3.8...
TYPO3 Security Bulletin
The file editor functionality in the TYPO3 Install Tool menu option "Edit files in typo3conf/" has an option that reads "Make backup copy". If set, this will create a backup copy and append a "" to the original file name. This leads to file names that may be delivered as text files by a web serve...