40 matches found
PT-2026-30596
Name of the Vulnerable Software and Affected Versions: Easy Blog Site version 1.0 Description: A security issue exists in Easy Blog Site 1.0 related to the login functionality within the login.php file. Manipulation of the username and password arguments can lead to SQL injection. The attack can be...
Code-Projects Online Music Site SQL Injection Vulnerability
Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters related to files, administrators, PHP, and...
mPDF Security Vulnerability
mPDF is an open source library written in PHP for converting HTML to PDF files. mPDF version 7.0 has a security vulnerability: a local file inclusion flaw in the annotation file parameter, which may lead to reading arbitrary syste...
CVE-2005-1657
Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctm...
Incomplete Cleanup
Overview org.apache.struts:struts2-core is a popular open-source framework for developing web applications in the Java programming language. Affected versions of this package are vulnerable to Incomplete Cleanup in the multipart request processing in the file parameters in OGNL-mapped Value Objec...
EUVD-2008-6617
Malware in sbrugna...
EUVD-2007-3413
Malware in sbrugna...
EUVD-2009-4849
Malware in sbrugna...
EUVD-2018-7670
Malware in sbrugna...
EUVD-2023-1464
Malicious code in bioql PyPI...
PT-2024-33242 · Automatic Systems Maintenance · Slimlane
Name of the Vulnerable Software and Affected Versions: Automatic Systems Maintenance SlimLane (affected versions not specified) Description: An issue in Automatic Systems Maintenance SlimLane allows a remote attacker to obtain sensitive information via the Racine and FileName parameters in the...
The detail explanation about the parameters in License file
This article explains the parameter details in License file...
CVE-2024-3614
A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0. This affects an unknown part of the file customer.php. The manipulation of the argument namacustomer/alamatcustomer/notelpcustomer leads to cross site scripting. It is possible to initiate...
Jenkins: Temporary file parameter created with insecure permissions
A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...
CVE-2023-48208
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...
CVE-2023-32986
Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...
GHSA-584M-7R4M-8J6V Incorrect Authorization in Jenkins Core
When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and , and LTS prior to 2.387.1 creates this temporary file in the default temporar...
HTMLy Path Traversal Vulnerability
HTMLy is a PHP-based open source blogging platform. A path traversal vulnerability exists in HTMLy versions prior to 2.8.1. A remote attacker can exploit this vulnerability to delete arbitrary files with the help of modified file parameters...
Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin
Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata...