ASUSTOR Data Master Security Vulnerability
ASUSTOR Data Master is a proprietary operating system for ASUSTOR NAS devices from ASUS, China, with a tablet-like graphical interface and a near-zero learning curve, making it easy to get started. A security vulnerability exists in ASUSTOR Data Master ADM versions 4.0 through 4.2, which stems from a...
CVE-2023-2288
The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP 8.0 using the phar:// stream wrapper...
PT-2023-23959 · Lima · Lima
Name of the Vulnerable Software and Affected Versions: Lima versions prior to 0.16.0. Description: A virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The attacker has to embed the target file pat...
Information Disclosure
org.jenkins-ci.plugins:codedx is vulnerable to Information Disclosure. A remote authenticated attacker with Item/Read permission is able to gain access to user-sensitive information, such as the existence of an attacker-specified file path on an agent file system...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) due to a segmentation violation via the expandmmacparams function in the /nasm/nasm-pp.c file. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended...
File Path Traversal Vulnerability
Description: in the file admin_autoupdate.php: } elseif ($page == 'extract') { if (isset($_POST['send']) && $_POST['send'] == 'send') { $toExtract = isset($_POST['archive']) ? $_POST['archive'] : null; $localArchive = Froxlor::getInstallDir() . '/updates/' . $toExtract; $log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, ...
PT-2023-21296 · Sourcecodester · Sourcecodester Online Exam System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Exam System version 1.0. Description: A critical vulnerability was found in the SourceCodester Online Exam System, affecting unknown code of the file /kelasdosen/data. The manipulation of the argument columns1data leads t...
CVE-2023-2196
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...
CVE-2023-2196 Missing permission checks in Code Dx Plugin
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...
Design/Logic Flaw
Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2023-32985
The CVE-2023-32985 issue affects the Jenkins Sidebar Link Plugin (version 2.2.1 and earlier). It allows path traversal by not properly restricting the path of files during a form-validation operation, enabling attackers with Overall/Read permission to check whether an attacker-specified file path...
PT-2023-24118 · Jenkins · Jenkins Sidebar Link Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Sidebar Link Plugin versions 2.2.1 and earlier. Description: The issue allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. This is due to th...
PT-2023-20842 · Sourcecodester · Sourcecodester Personnel Property Equipment System
Name of the Vulnerable Software and Affected Versions: SourceCodester Personnel Property Equipment System version 1.0. Description: A problematic vulnerability was found in the SourceCodester Personnel Property Equipment System. The issue affects an unknown function of the file admin/add item.php,...
CVE-2023-2648
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...
Weaver E-Office Code Issue Vulnerability
Weaver E-Office is a collaborative office system from Weaver (Panavision Technologies), China. A code issue vulnerability exists in Weaver E-Office version 9.5, which stems from a problem with the file /inc/jquery/uploadify/uploadify.php, where manipulation of the parameter Filedata can result in...
PT-2023-20699 · Sourcecodester · Sourcecodester Lost/Found Information System
Name of the Vulnerable Software and Affected Versions: SourceCodester Lost and Found Information System version 1.0. Description: A critical issue has been discovered, affecting an unknown function of the file /classes/Master.php?f=delete item. This issue leads to SQL injection and can be exploite...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free via the error function at /nasm/nasm-pp.c. Remediation: There is no fixed version for yasm. References: GitHub Issue; PoC. Credit: randomssr...