
1017 matches found

NVD
added 2023/09/29 2:15 p.m. · 6 views

CVE-2023-5263

A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...

CVSS 8.8 · AI score 7 · EPSS 0.00079
Exploits 1 · References 3

Vulnrichment
added 2023/09/29 2:0 p.m. · 1 views

CVE-2023-5263 ZZZCMS Database Backup File save.php restore permission

A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...

CVSS 6.5 · AI score 7.5 · EPSS 0.00079
Exploits 1 · References 3

Cvelist
added 2023/09/29 2:0 p.m. · 9 views

CVE-2023-5263 ZZZCMS Database Backup File save.php restore permission

A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...

CVSS 6.5 · AI score 8.9 · EPSS 0.00079
Exploits 1 · References 3

CVE
added 2023/09/29 2:0 p.m. · 40 views

CVE-2023-5263

The CVE concerns ZZZCMS 2.1.7. It targets the restore function in the Database Backup File Handler’s /admin/save.php, where improper handling leads to permission issues. The vulnerability can be exploited remotely, and public disclosures exist (exploit has been disclosed). Affected component: Dat...

CVSS 8.8 · AI score 7.5 · EPSS 0.00079
Exploits 1 · References 3 · Affected Software 1

OSV
added 2023/09/24 10:15 p.m. · 1 views

CVE-2023-5142

A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of th...

CVSS 5.3 · AI score 4.5
Exploits 0 · References 4

Positive Technologies
added 2023/09/24 12:0 a.m. · 2 views

PT-2023-31817 · H3C · H3C Gr-1100-P +14

Name of the Vulnerable Software and Affected Versions: H3C GR-1100-P versions up to 20230908 H3C GR-1108-P versions up to 20230908 H3C GR-1200W versions up to 20230908 H3C GR-1800AX versions up to 20230908 H3C GR-2200 versions up to 20230908 H3C GR-3200 versions up to 20230908 H3C GR-5200 version...

CVSS 5.3 · AI score 6.7 · EPSS 0.00315
Exploits 1 · References 8

Positive Technologies
added 2023/08/14 12:0 a.m. · 3 views

PT-2023-4392 · Onlyoffice · Onlyoffice Document Server

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Document Server versions 4.0.3 through 7.3.2 Description: The issue is related to a Memory Exhaustion vulnerability in the JavaScript File Handler component of ONLYOFFICE Document Server. This vulnerability allows remote attackers ...

CVSS 7.5 · AI score 7.3 · EPSS 0.01056
Exploits 1 · References 13

Positive Technologies
added 2023/08/14 12:0 a.m. · 2 views

PT-2023-4393 · Onlyoffice · Onlyoffice Document Server

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE DocumentServer versions 4.0.3 through 7.3.2 Description: An out of bounds memory access issue in the JavaScript File Handler component allows remote attackers to execute arbitrary code via a crafted JavaScript file. This can be...

CVSS 9.8 · AI score 9.4 · EPSS 0.02334
Exploits 1 · References 12

Positive Technologies
added 2023/08/14 12:0 a.m. · 6 views

PT-2023-4363 · Onlyoffice · Onlyoffice Document Server

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE DocumentServer versions 4.0.3 through 7.3.2 Description: A use after free issue in ONLYOFFICE DocumentServer allows remote attackers to run arbitrary code via a crafted JavaScript file. This issue is related to the JavaScript File...

CVSS 9.8 · AI score 9.4 · EPSS 0.01166
Exploits 1 · References 16

OSV
added 2023/07/21 1:15 a.m. · 0 views

CVE-2023-3804

A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file /Service/FileHandler.ashx. The manipulation of the argument userFile leads to unrestricted upload. The exploit has been...

CVSS 9.8 · AI score 4.9 · EPSS 0.00112
Exploits 1 · References 3

Prion
added 2023/06/05 7:15 a.m. · 12 views

Improper access control

A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch...

CVSS 3.2 · AI score 6.9 · EPSS 0.00055
Exploits 1 · References 3 · Affected Software 1

CVE
added 2023/06/05 7:0 a.m. · 39 views

CVE-2023-3099

CVE-2023-3099 affects KylinSoft youker-assistant on KylinOS. The vulnerability is in the delete_file function of the dbus.SystemBus component within Arbitrary File Handler, causing improper access controls and enabling a local attack. Exploitation is local, with a high impact on integrity/availab...

CVSS 7.1 · AI score 5.8 · EPSS 0.00055
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2023/06/05 12:0 a.m. · 1 views

PT-2023-23100 · Kylinsoft · Youker-Assistant

Name of the Vulnerable Software and Affected Versions: KylinSoft youker-assistant versions prior to 3.0.2-0kylin6k70-23 Description: A critical issue was found in the delete file function of the dbus.SystemBus library in the Arbitrary File Handler component, leading to improper access controls...

CVSS 7.1 · AI score 7.1 · EPSS 0.00055
Exploits 1 · References 4

Positive Technologies
added 2023/06/05 12:0 a.m. · 4 views

PT-2023-3749 · Yandex · Yandex Navigator

Name of the Vulnerable Software and Affected Versions: Yandex Navigator version 6.60 Description: The issue in Yandex Navigator is related to errors in resource release, specifically concerning the SharedPreference File Handler component. This allows an attacker to cause a denial of service. The...

CVSS 5.5 · AI score 7.2 · EPSS 0.00039
Exploits 1 · References 4

OSV
added 2023/06/03 11:5 a.m. · 1 views

OESA-2023-1317 libwebp security update

This is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently. Security...

CVSS 7.5 · AI score 8.8 · EPSS 0.00353
Exploits 0 · References 2

NVD
added 2023/05/31 7:15 p.m. · 10 views

CVE-2023-33979

gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive...

CVSS 6.5 · AI score 6.3 · EPSS 0.00843
Exploits 0 · References 2

Prion
added 2023/05/31 7:15 p.m. · 6 views

Information disclosure

gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive...

CVSS 4 · AI score 6.2 · EPSS 0.00843
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/05/31 6:3 p.m. · 42 views

CVE-2023-33979

The CVE-2023-33979 issue affects gpt_academic (3.37 and earlier), where improper handling of the Configuration File Handler allows manipulation of the file argument resulting in information disclosure. Read access via the /file route can leak sensitive information from working directories, partic...

CVSS 6.5 · AI score 6.4 · EPSS 0.00843
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/05/31 6:3 p.m. · 10 views

CVE-2023-33979 gpt_academic's Configuration File vulnerable to File Information Disclosure

gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive...

CVSS 6.5 · AI score 6.1 · EPSS 0.00843
Exploits 0 · References 4

Positive Technologies
added 2023/05/17 12:0 a.m. · 2 views

PT-2023-2876 · D Link · D-Link D-View

Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: This issue is a directory traversal vulnerability within the TftpReceiveFileHandler class of D-Link D-View. It allows remote attackers to execute arbitrary code on affected systems...

CVSS 9.8 · AI score 9.6 · EPSS 0.3532
Exploits 0 · References 8