64 matches found
Jenkins Plugin Sonargraph Integration 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2023-25164 · Jenkins · Jenkins Sonargraph Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Sonargraph Integration Plugin versions 5.0.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the file path and the project name for the Log file field form validation are...
UBUNTU-CVE-2023-31047
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However,...
UBUNTU-CVE-2022-25277
Drupal core sanitizes filenames with dangerous extensions upon upload reference: SA-CORE-2020-012 and strips leading and trailing dots from filenames to prevent uploading server configuration files reference: SA-CORE-2019-010. However, the protections for these two vulnerabilities previously did...
SUSE CVE-2017-17052
The mminit function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the -exefile member of a new process's mmstruct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program...
Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths
Drupal has released security updates to address vulnerabilities affecting H5P and the File Field Paths modules for Drupal 7.x. An attacker could exploit these vulnerabilities to access sensitive information and remotely execute code. CISA encourages users and administrators to review Drupal’s...
WordPress Easy Social Icons plugin跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress Easy Social Icons plugin prior to 3.2.1, which stems from the...
CVE-2020-24147
Server-side request forgery SSR vulnerability in the WP Smart Import wp-smart-import plugin 1.0.0 for WordPress via the file field...
Server side request forgery (ssrf)
Server-side request forgery SSR vulnerability in the WP Smart Import wp-smart-import plugin 1.0.0 for WordPress via the file field...
PT-2021-11018 · WordPress · Wp Smart Import
Name of the Vulnerable Software and Affected Versions: WP Smart Import plugin version 1.0.0 Description: A server-side request forgery SSRF issue exists in the WP Smart Import plugin for WordPress. This issue is related to the file field. Recommendations: For WP Smart Import plugin version 1.0.0,...
PT-2021-11214 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: SilverStripe versions prior to 4.6.0-rc1 Description: The issue arises when a FormField with square brackets in the field name is used, causing it to skip validation. Specifically, the FileField class, commonly used for file upload, can be...
PT-2020-15415 · Jenkins · Jenkins Sonargraph Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Sonargraph Integration Plugin versions 3.0.0 and earlier Description: The issue results in a stored cross-site scripting vulnerability due to the failure to escape the file path for the Log file field form validation. This can be...
The vulnerability of the journal viewing tool of the Apache Storm distributed computing platform allows a hacker to read arbitrary files.
The vulnerability of the journal viewing tool in the Apache Storm distributed computing platform relates to deficiencies in path name restrictions for accessing the catalog. Exploiting this vulnerability allows a malicious actor to read arbitrary files using the “..” symbol as a parameter in the...
CVE-2017-15948
Perch Content Management System 3.0.3 allows unrestricted file upload with resultant XSS via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account...
CVE-2014-5022
Cross-site scripting XSS vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field...
CVE-2014-5022
Cross-site scripting XSS vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field...
UBUNTU-CVE-2014-5022
Cross-site scripting XSS vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field...
CVE-2014-5020
The Drupal 7.x File module vulnerability CVE-2014-5020 allows remote authenticated users with certain permissions to bypass file-view restrictions and read files by attaching a file to content via a file field. Affected software: Drupal core (Drupal 7.x) prior to 7.29. Root cause: improper permis...
CVE-2014-5022
Removed by vendor...
Format string
Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service crash or possibly execute arbitrary code via format string specifiers in the Remote File field...