Lucene search

3230 matches found

Prion
added 2022/03/15 7:15 p.m. · 12 views

Design/Logic Flaw

Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character...

CVSS 5 · AI score 7.3 · EPSS 0.01586
Exploits 1 · References 3 · Affected Software 2
NVD
added 2022/03/15 5:15 p.m. · 21 views

CVE-2022-27201

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

CVSS 6.5 · EPSS 0.01314
Exploits 0 · References 2
OSV
added 2022/03/15 5:15 p.m. · 18 views

CVE-2022-27201

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

CVSS 6.5 · AI score 6.5
Exploits 0 · References 2
Prion
added 2022/03/15 5:15 p.m. · 16 views

Server-side request forgery (SSRF)

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

CVSS 4 · AI score 6.4 · EPSS 0.01314
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/03/15 4:45 p.m. · 25 views

CVE-2022-27201

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

AI score 7.3 · EPSS 0.01314
Exploits 0 · References 2
Cvelist
added 2022/03/15 12:00 a.m. · 34 views

CVE-2021-45848

Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character...

AI score 7.6 · EPSS 0.01586
Exploits 1 · References 3
Positive Technologies
added 2022/03/15 12:00 a.m. · 2 views

PT-2022-12436 · Nicotine+ · Nicotine+

Name of the Vulnerable Software and Affected Versions: Nicotine+ versions 3.0.3 through 3.2.0. Description: A denial of service (DoS) issue exists, allowing a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. This...

CVSS 7.5 · AI score 7.2 · EPSS 0.01586
Exploits 1 · References 10
CNNVD
added 2022/03/15 12:00 a.m. · 3 views

Jenkins Plugin Semantic Versioning Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An access control error vulnerability exis...

CVSS 6.5 · AI score 5.8 · EPSS 0.01314
Exploits 0 · References 6
Positive Technologies
added 2022/03/12 12:00 a.m. · 11 views

PT-2022-09: Insufficient validation of file paths and Path Traversal in Veeam Backup & Replication

The vulnerability was identified in Veeam Backup & Replication versions 9.5, 10, and 11. The discovered vulnerability allows an attacker to perform an NTLM-relay attack on behalf of the account under which the service is running, uploading arbitrary files from arbitrary paths to the VBR server,...

CVSS 8.8 · AI score 9.2 · EPSS 0.05942
Exploits 0
0day.today
added 2022/03/12 12:00 a.m. · 223 views

Insurance Management System v1.0 SQL injection Vulnerability

Title: Insurance Management System v1.0 SQLi; Author: nu11secur1ty; Vendor: https://itsourcecode.com/free-projects/php-project/php-projects-source-code-free-downloads/; Software: https://itsourcecode.com/free-projects/php-project/insurance-management-system-project-in-php-free-download/; Reference:...

AI score 0.4
Exploits 0
Snyk
added 2022/03/11 11:34 a.m. · 1 views

Double Free

Overview: Affected versions of this package are vulnerable to Double Free via the component sixelchunkdestroy at /root/libsixel/src/chunk.c. Remediation: There is no fixed version for libsixel. References: GitHub Issue...

CVSS 9.8 · AI score 6.9
Exploits 0 · References 2
Packet Storm
added 2022/03/07 12:00 a.m. · 268 views

Matrimony 1.0 SQL Injection

Title: Matrimony 1.0 SQLi; Author: nu11secur1ty; Date: 03.05.2022; Vendor: https://www.vetbossel.in/matrimony-project-php/; Software: https://cutt.ly/LOHzKd0, https://www.vetbossel.in/matrimony-project-php/; Reference:...

AI score 0.3
Exploits 0
Packet Storm
added 2022/02/22 12:00 a.m. · 243 views

Air Cargo Management System 1.0 SQL Injection

Title: Air Cargo Management System v1.0 remote SQL-Injections; Author: nu11secur1ty; Date: 02.18.2022; Vendor: https://www.sourcecodester.com/users/tips23; Software: https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.html; CVE - Air Cargo Management Systemv1....

AI score 0.6
Exploits 0
HackerOne
added 2022/02/17 10:31 p.m. · 21 views

GitHub Security Lab: [Java]: CWE-073 - File path injection with the JFinal framework

This bug was reported directly to GitHub Security Lab...

AI score 1.3
Exploits 0
CNNVD
added 2022/02/17 12:00 a.m. · 2 views

JerryScript Security Vulnerability

JerryScript is a lightweight JavaScript engine from the JerryScript project. JerryScript has a security vulnerability that stems from an assertion failure in /js/js-parser.c in JerryScript commit a6ab5e9...

CVSS 5.5 · AI score 5.7 · EPSS 0.00816
Exploits 1 · References 3
Exploit DB
added 2022/02/16 12:00 a.m. · 341 views

WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing (Authenticated)

Exploit Title: WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing (Authenticated); Date: 09-11-2021; Exploit Author: Ceylan Bozogullarindan; Exploit Website: https://bozogullarindan.com; Vendor Homepage: https://bestwebsoft.com/; Software Link:...

CVSS 4.9 · AI score 5.2 · EPSS 0.05188
Exploits 5
ATTACKERKB
added 2022/02/10 11:15 p.m. · 5 views

CVE-2022-24646

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters...

CVSS 7.8 · AI score 7.2 · EPSS 0.01695
Exploits 1 · References 4
GitHub Security Blog
added 2022/02/09 12:58 a.m. · 52 views

Path Traversal

A vulnerability was found in Keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. Only a few specific folder hierarchies can be exposed by this flaw...

CVSS 7.5 · AI score 2.6 · EPSS 0.0136
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2022/02/09 12:00 a.m. · 19 views

iTunesRPC-Remastered OS Command Injection Vulnerability

iTunesRPC-Remastered is a Discord Rich Presence application used with iTunes and Apple Music. iTunesRPC-Remastered suffers from an operating system command injection vulnerability that stems from iTunesRPC-Remastered not properly sanitizing the image file path. An attacker could exploit this...

CVSS 9.8 · AI score 3.9 · EPSS 0.01492
Exploits 0 · References 1
CNNVD
added 2022/02/07 12:00 a.m. · 4 views

WordPress Plugin RVM Code Issue Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. WordPress plugin is a WordPress open source application plugin. A cross-site request forgery vulnerability exists in WordPress RVM, which originates from the rvmuploadfilepath parameter in the produ...

CVSS 6.5 · AI score 6.5 · EPSS 0.03005
Exploits 2 · References 2