331 matches found
CVE-2025-59334
Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitrary file entries into a package...
CVE-2025-59334 Linkr allows manifest tampering leading to arbitrary file injection
Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitrary file entries into a package...
CVE-2025-59334
Linkr (versions up to 2.0.0) does not verify the integrity or authenticity of .linkr manifest files, allowing an attacker to tamper with a manifest and inject arbitrary file entries, potentially enabling remote code execution if a downloaded file is executed. Version 2.0.1 adds a manifest integrity ch...
Linkr security vulnerability
Linkr is a file transfer system by the individual developer Mohammad Zain. A security vulnerability exists in Linkr version 2.0.0 and earlier, which stems from failure to validate the integrity and authenticity of .linkr manifest files, and could lead to arbitrary file injection and remote code...
PT-2025-38060
Name of the Vulnerable Software and Affected Versions: Linkr versions through 2.0.0 Description: Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr does not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a...
CVE-2025-10387 codesiddhant Jasmin Ransomware handshake.php sql injection
A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machinename/computeruser/os/date/time/ip/location/systemid/password causes sql injection. The attack can be initiated...
postgresql: PostgreSQL code execution in restore operation
A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pg_dump, pg_dumpall, and pg_restore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...
postgresql: PostgreSQL executes arbitrary code in restore operation
A flaw was found in PostgreSQL. This vulnerability allows a malicious user of the PostgreSQL server to inject arbitrary code in dump files created by pg_dump, pg_dumpall, pg_restore, and pg_upgrade, causing arbitrary code execution on the client machine or SQL injection when these dump files are...
CVE-2025-55107
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which when loaded could potentially execute arbitrary JavaScript code in th...
CVE-2025-55107 BUG-000177335 ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability.
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which when loaded could potentially execute arbitrary JavaScript code in th...
CVE-2018-25114 osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution
A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after installation. An unauthenticated attacker can...
Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below
CVE-2025-27591 – Privilege Escalation via Symlink Abuse in be...
AZL-65226 CVE-2024-47252 affecting package httpd for versions less than 2.4.64-1
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables...
BIT-GIT-2025-48385 Git allows arbitrary file writes via bundle-uri parameter injection
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to...