iTunesRPC-Remastered 操作系统命令注入漏洞

iTunesRPC-Remastered is a rich discordant state application used with iTunes and Apple Music. iTunesRPC-Remastered suffers from an operating system command injection vulnerability that stems from iTunesRPC-Remastered not properly cleaning the image file path. An attacker could exploit this...

USN-5030-2 libdbi-perl vulnerabilities

USN-5030-1 addressed vulnerabilities in Perl DBI module. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker...

USN-5261-1: Phusion Passenger vulnerabilities

It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to read arbitrary files. CVE-2017-16355 It was discovered that Phusion Passenger had a race condition in the nginx module that could be used to perfor...

CVE-2022-23597 Remote program execution with user interaction

Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the...

Element Desktop 资源管理错误漏洞

Element Desktop is an open source Matrix client for the Element Web-centered desktop platform from Element. A resource management error vulnerability exists in Element Desktop that can be exploited by an attacker to specify the path to a binary file on the victim's computer...

Mageia: Security Advisory (MGASA-2018-0047)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-46331

Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsProxy.c in fxProxyGetPrototype...

WP Ultimate CSV Importer < 6.4.1 - Subscriber+ Arbitrary File Upload

The plugin does not have authorisation and CSRF checks when uploading zip files via the zipupload AJAX call, and does not perform any check on the files to be extracted. As a result, any authenticated user, such as subscriber could upload an archive with PHP files in it, leading to RCE As any...

CVE-2021-46165

Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined...

Django path traversal vulnerability (CNVD-2022-31938)

Django is the Django Foundation's set of Python-based language open source Web application framework . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2 before 2.2.26, 3.2.11 before 3.2.2, and 4.0.1 before 4.0.0 contains a path traversal...

Apache James path traversal vulnerability

Apache James is an open source Smtp and Pop3 mail transfer agent and Nntp news server written entirely in Java by the Apache Foundation. Apache James in version 3.6.1 contains a path traversal vulnerability that stems from a failure of a networked system or product to properly filter special...

CVE-2021-45255

The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted with that domain,...

CVE-2021-45253

The id parameter in viewstorage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted...

CVE-2021-45253

The id parameter in viewstorage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted...

Video Sharing Website 1.0 SQL Injection

Title: Video Sharing Website 1.0 SQL - Injection Author: nu11secur1ty Date: 12.18.2021 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14584/video-sharing-website-using-phpmysqli-source-code.html Description: The email parameter from ajax.php app o...

The vulnerability of the F2fs-Tools utility, related to incorrect external manipulation of file names or file paths, allows a malicious user to delete any files they desire.

The vulnerability of the F2fs-Tools tool is related to improper external manipulation of the file name or file path. Exploiting this vulnerability allows an attacker to delete arbitrary files by creating a specially crafted file system called f2fs...

The vulnerability of the Jenkins automation server, related to the absence of an authentication procedure that allows attackers to create parent directories in FilePath#mkdirs.

The vulnerability of the Jenkins automation server lies in the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to create parent directories in FilePathmkdirs from a remote location...

Design/Logic Flaw

Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access an...

Path traversal

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV...

Privilege Escalation

github.com/opensearch-project/opensearch-cli is vulnerable to Privilege Escalation. The vulnerability exists due to the weak file path permission in the configuration file, allowing an attacker to read or write any file on the file path...