Huawei Emui and Magic UI Unauthorized File Access Vulnerability (CNVD-2021-83529)

Huawei Emui is a mobile operating system developed based on Android.Magic Ui is a mobile operating system developed based on Android. A security vulnerability exists in Huawei Emui and Magic UI. An attacker can exploit the vulnerabilities to cause unauthorized file access by creating malicious fi...

CVE-2020-36378

An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...

CVE-2020-36377

An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...

CVE-2020-26707

An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter...

Code injection

An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...

CVE-2020-36379

An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...

Shenzhim Aaptjs 操作系统命令注入漏洞

aaptjs is a node wrapper for aapt. aaptjs version 1.3.1 has a remote code execution vulnerability in the packageCmd function. An attacker can exploit this vulnerability to execute arbitrary code via the filePath parameter...

Shenzhim Aaptjs 操作系统命令注入漏洞

aaptjs is a node wrapper for aapt. aaptjs version 1.3.1 has a remote code execution vulnerability in the list function. An attacker can exploit this vulnerability to execute arbitrary code via the filePath parameter...

Mycodo path traversal vulnerability

Mycodo is an environment monitoring and conditioning system. Used to couple inputs and outputs to sense and manipulate the environment, Mycodo is vulnerable to a path traversal vulnerability in versions prior to 8.12.7, which stems from a networked system or product failing to properly filter...

CVE-2021-39224 File path disclosure of shared files in OfficeOnline application

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file shared.txt is locat...

CVE-2021-39223 File path disclosure of shared files in Richdocuments application

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...

Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure

Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...

Design/Logic Flaw

JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...

CVE-2021-41106: File reference keys leads to incorrect hashes on HMAC algorithms

Description Impact Users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and,...

CVE-2021-37105

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal...

Lcobucci jwt 数据伪造问题漏洞

Jwt is a simple library that uses Json Web Token and Json Web Signature. Lcobucci jwt is vulnerable to a data forgery issue that stems from a failure to validate data in the product based on the hmac algorithm using a file path as a hash key to validate the token. An attacker could initiate a...

CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...

CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...

CVE-2021-22013

CVE-2021-22013 is a path traversal vulnerability in VMware vCenter Server’s appliance management API that could allow an unauthenticated attacker with network access to port 443 to read arbitrary files, leading to information disclosure. Affected software is vCenter Server; root cause is improper...

CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...