
3231 matches found

BDU FSTEC
added 2023/09/11 12:00 a.m. · 5 views

The vulnerability of the Imagick() function (~/includes/mla-stream-image.php) of the Media Library Assistant plugin of the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the Imagick function /includes/mla-stream-image.php in the Media Library Assistant plugin of the WordPress content management system is related to improper external manipulation of file names or file paths. Exploiting this vulnerability could allow a malicious actor to execut...

CVSS 10 · AI score 8.1 · EPSS 0.82585
Exploits 6 · References 8 · Affected Software 1
BDU FSTEC
added 2023/09/06 12:00 a.m. · 5 views

The vulnerability of the TinyMCE plugin in the virtual training environment Moodle, which allows a hacker to gain access to read, modify, or delete data.

The vulnerability of the TinyMCE plugin in the virtual training environment Moodle is related to incorrect external management of file names or file paths during data loading. Exploiting this vulnerability can allow an attacker to gain access to, read, modify, or delete data by sending specially...

CVSS 5.3 · AI score 6.1 · EPSS 0.06583
Exploits 3 · References 9 · Affected Software 2
CNNVD
added 2023/09/05 12:00 a.m. · 4 views

Yonyou UFIDA-NC Path Traversal Vulnerability

Yonyou UFIDA-NC is a large-scale ERP enterprise management system and e-commerce platform from China's UFIDA Network Technology Yonyou Company. A path traversal vulnerability exists in Yonyou UFIDA-NC 20230807 and earlier versions, which stems from the parameter filePath in the file...

CVSS 7.5 · AI score 6.7 · EPSS 0.00765
Exploits 1 · References 4
CNNVD
added 2023/09/04 12:00 a.m. · 6 views

LG LED Assistant Path Traversal Vulnerability

LG LED Assistant is software from Luckin LG Korea. It is used to set up LED lights. A security vulnerability exists in LG LED Assistant that originates from failure to properly validate a user-supplied path before using it in a file operation, allowing a remote attacker to disclose information ...

CVSS 7.5 · AI score 6.5 · EPSS 0.01251
Exploits 0 · References 3
Positive Technologies
added 2023/09/04 12:00 a.m. · 4 views

PT-2023-30464 · Yonyou · Yongyou Ufida-Nc

Name of the Vulnerable Software and Affected Versions: Yongyou UFIDA-NC versions up to 20230807 Description: A critical issue has been found in the processing of the file PrintTemplateFileServlet.java, where the manipulation of the filePath argument leads to path traversal. This issue can be...

CVSS 7.5 · AI score 6.9 · EPSS 0.00765
Exploits 1 · References 5
OSV
added 2023/09/01 8:15 p.m. · 5 views

CVE-2023-4711

A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. Th...

CVSS 8.1 · AI score 5.1 · EPSS 0.05769
Exploits 1 · References 3
OSV
added 2023/08/25 10:15 p.m. · 2 views

CVE-2023-4542

A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The...

CVSS 9.8 · AI score 5.5
Exploits 0 · References 3
OSV
added 2023/08/25 10:15 p.m. · 2 views

CVE-2023-4543

A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. This vulnerability affects unknown code of the file ?r=recruit/contact/export&contactids=x. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and...

CVSS 9.8 · AI score 5.6 · EPSS 0.00799
Exploits 1 · References 3
Positive Technologies
added 2023/08/25 12:00 a.m. · 3 views

PT-2023-29550 · Ibos Oa · Ibos Oa

Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5 Description: A critical vulnerability was found in IBOS OA, affecting unknown code of the file ?r=recruit/contact/export&contactids=x. The manipulation leads to sql injection. The attack can be initiated remotely. The...

CVSS 9.8 · AI score 6.9 · EPSS 0.00799
Exploits 1 · References 8
Positive Technologies
added 2023/08/21 12:00 a.m. · 4 views

PT-2023-29244 · Openrapid · Openrapid Rapidcms

Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS version 1.3.1 Description: A critical issue was found in OpenRapid RapidCMS, affecting the file template/default/category.php. The manipulation of the id argument leads to SQL injection. Recommendations: For OpenRapid...

CVSS 9.8 · AI score 6.3 · EPSS 0.00606
Exploits 1 · References 7
CNNVD
added 2023/08/20 12:00 a.m. · 4 views

Hospital Management System SQL Injection Vulnerability

The Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. An SQL injection vulnerability exists in Free Hospital Management System for Small Practices version 1.0, which stems from the...

CVSS 9.8 · AI score 7 · EPSS 0.00465
Exploits 0 · References 4
CNVD
added 2023/08/17 12:00 a.m. · 0 views

Ghost Arbitrary File Read Vulnerability

Ghost is an open source content management system. Ghost suffers from an arbitrary file read vulnerability that stems from the program failing to properly filter for special elements in a resource or file path. An attacker can exploit this vulnerability to read arbitrary files...

CVSS 6.5 · AI score 6.8 · EPSS 0.57837
Exploits 12 · References 1
CNNVD
added 2023/08/16 12:00 a.m. · 4 views

Jenkins Plugin Folders Log Information Disclosure Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3 · AI score 5.2 · EPSS 0.00533
Exploits 0 · References 5
CNNVD
added 2023/08/14 12:00 a.m. · 3 views

MariaDB Security Vulnerabilities

MariaDB is a free and open source database management system from the Mariadb Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB MaxScale versions prior to 23.02.3, which stems from the fact that passwords are stored in plaintext in...

CVSS 6.5 · AI score 6.5 · EPSS 0.00268
Exploits 0 · References 2
OSV
added 2023/08/09 2:35 p.m. · 17 views

GHSA-M9R4-3FG7-PQM2 PrestaShop path traversal

Impact: In the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path, using a traversal path. Patches: 8.1.1. Found by Aleksey Solovev (Positive Technologies). Workarounds: none. References: none...

CVSS 6.5 · AI score 7.7 · EPSS 0.00723
Exploits 0 · References 4
Positive Technologies
added 2023/08/05 12:00 a.m. · 4 views

PT-2023-26700 · Unknown · Shuize 0X727

Name of the Vulnerable Software and Affected Versions: ShuiZe 0x727 version 1.0 Description: A remote command execution issue was found in the component /iniFile/config.ini, allowing for potential exploitation. Recommendations: For ShuiZe 0x727 version 1.0, consider restricting access to the...

CVSS 8.8 · AI score 8.7 · EPSS 0.01525
Exploits 1 · References 4
NVD
added 2023/08/04 6:15 p.m. · 17 views

CVE-2023-38695

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...

CVSS 6.5 · AI score 6.4 · EPSS 0.00795
Exploits 1 · References 4
Prion
added 2023/08/04 6:15 p.m. · 12 views

Design/Logic Flaw

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...

CVSS 4 · AI score 6.4 · EPSS 0.00795
Exploits 1 · References 4 · Affected Software 1
Vulnrichment
added 2023/08/04 5:25 p.m. · 9 views

CVE-2023-38695 cypress-image-snapshot vulnerable to insecure snapshot file names

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...

CVSS 6.5 · AI score 6.7 · EPSS 0.00795
Exploits 1 · References 4
OSV
added 2023/08/04 5:25 p.m. · 25 views

CVE-2023-38695 cypress-image-snapshot vulnerable to insecure snapshot file names

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...

CVSS 6.5 · AI score 6.3 · EPSS 0.00795
Exploits 1 · References 6