3230 matches found
Exploit for Unrestricted Upload of File with Dangerous Type in Wordpress
PoC exploit for CVE-2019-8942 and CVE-2019-8943, a pair of vulne...
Huawei EulerOS: Security Advisory for perl-File-Path (EulerOS-SA-2021-1829)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : perl-File-Path (EulerOS-SA-2021-1829)
According to the version of the perl-File-Path package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on...
SUSE: Security Advisory (SUSE-SU-2021:0449-1)
The remote host is missing an update for the...
Microsoft Windows Installer Service Untrusted File Path Arbitrary File Write Vulnerability
This vulnerability allows local attackers to write data to arbitrary files on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Novel Boutique House-plus 3.5.1 - Arbitrary File Download Vulnerability
Exploit Title: Novel Boutique House-plus 3.5.1 - Arbitrary File Download Exploit Author: tuyiqiang Vendor Homepage: https://xiongxyang.gitee.io/ Software Link: https://gitee.com/noveldevteam/novel-plus,https://github.com/201206030/novel-plus Version: all Tested on: linux Vulnerable code:...
Novel Boutique House-plus 3.5.1 - Arbitrary File Download
Exploit Title: Novel Boutique House-plus 3.5.1 - Arbitrary File Download Date: 27/03/2021 Exploit Author: tuyiqiang Vendor Homepage: https://xiongxyang.gitee.io/ Software Link: https://gitee.com/noveldevteam/novel-plus,https://github.com/201206030/novel-plus Version: all Tested on: linux Vulnerab...
CVE-2021-3034
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the...
Synology DiskStation Manager Buffer Error Vulnerability
Synology DiskStation Manager (DSM) is an operating system for use on network storage servers (NAS) from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A security vulnerability exists in faad in Synology DiskStation Manager...
SUSE-SU-2021:0449-1 Security update for perl-File-Path
This update for perl-File-Path fixes the following issues: - Provide File::Path version 2.15 to SLE-12-SP5 (jsc#SLE-17088, jsc#ECO-3050) - CVE-2017-6512: fix a race condition in the File-Path module for Perl...
CVE-2020-26299
A potential path traversal vulnerability was found in ftp-srv in the 'path.resolve' function. It could occur on a Windows server, as it allows the use of backward slash ('\') characters as separators in a file path, allowing the user to move beyond the root folder defined for that user...
CVE-2021-3382
Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service crash via vectors related to a file path...
Stack overflow
Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service crash via vectors related to a file path...
CVE-2020-27542
Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...
CVE-2020-23161
Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance Logs menu and manipulating the file-path in the URL...
PT-2021-16821 · Node Red · Node-Red-Contrib-Huemagic
Name of the Vulnerable Software and Affected Versions: node-red-contrib-huemagic version 3.0.0 Description: The issue allows for Directory Traversal, enabling access to arbitrary files. This is achieved through the res.sendFile API in the file hue-magic.js, using the hue/assets/..%2F path...