769 matches found

CNNVD
added 2022/12/07 12:0 a.m. | 2 views

ILIAS security vulnerability

ILIAS is an open source learning management system. A security vulnerability exists in ILIAS eLearning platform versions prior to 7.16 that stems from allowing external control over file names or paths...

CVSS 6.5 | AI score 6.4 | EPSS 0.01174
Exploits: 3 | References: 5
OSV
added 2022/11/25 7:15 p.m. | 2 views

CVE-2022-41158

Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code...

CVSS 9.8 | AI score 6.2 | EPSS 0.05426
Exploits: 0 | References: 1
Cvelist
added 2022/11/25 12:0 a.m. | 11 views

CVE-2022-41158 eyoom builder Remote Code Execution Vulnerability

Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code...

CVSS 7.2 | AI score 9.8 | EPSS 0.05426
Exploits: 0 | References: 1
Positive Technologies
added 2022/11/25 12:0 a.m. | 2 views

PT-2022-25687 · Eyoom Co. +1 · Eyoom Builder

Name of the Vulnerable Software and Affected Versions: Builder program (affected versions not specified). Description: The issue allows for remote code execution by utilizing cookie values as paths to a file. This can be exploited by a remote attacker to execute or inject malicious code...

CVSS 9.8 | AI score 9.6 | EPSS 0.05426
Exploits: 0 | References: 3
Veracode
added 2022/10/27 4:34 a.m. | 13 views

Arbitrary Code Execution

jupyter_core is vulnerable to arbitrary code execution. The vulnerability exists in the config_file_paths function in application.py which executes untrusted files in the current working directory, allowing one user to run code as another...

CVSS 8.8 | AI score 8.8 | EPSS 0.00372
Exploits: 0 | References: 9 | Affected Software: 2
Prion
added 2022/10/25 5:15 p.m. | 19 views

Information disclosure

The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity ShareLinkActivity.kt to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachment...

CVSS 1.7 | AI score 5.3 | EPSS 0.00018
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2022/09/12 12:0 a.m. | 2 views

PT-2022-21508 · Apple · iOS +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16. Description: An issue existed with the file paths used to store website data, potentially allowing an unauthorized user to access browsing history. The issue was resolved by improving how website data is stored and by...

CVSS 5.3 | AI score 5.8 | EPSS 0.00298
Exploits: 0 | References: 11
Veracode
added 2022/08/02 2:54 p.m. | 20 views

Path Traversal

streamlit is vulnerable to path traversal. The vulnerability exists in get function in ComponentRequestHandler due to improper handling of component requests outside the root directory which allows an attacker to access and overwrite the files by sending a malicious URL with file paths...

CVSS 6.5 | AI score 6.1 | EPSS 0.01399
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2022/08/01 9:25 p.m. | 14 views

CVE-2022-35918 Streamlit directory traversal vulnerability

Streamlit is a data oriented application development framework for python. Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially othe...

CVSS 6.5 | AI score 6.5 | EPSS 0.01399
Exploits: 0 | References: 2
ATTACKERKB
added 2022/07/27 3:15 p.m. | 2 views

CVE-2022-36904

Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4.3 | AI score 5.8 | EPSS 0.00087
Exploits: 0 | References: 4
ATTACKERKB
added 2022/07/27 3:15 p.m. | 3 views

CVE-2022-36890

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4.3 | AI score 5.8 | EPSS 0.00661
Exploits: 0 | References: 3
CNNVD
added 2022/07/27 12:0 a.m. | 2 views

Jenkins Buckminster Plugin security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3 | AI score 5.2 | EPSS 0.00041
Exploits: 0 | References: 5
CNVD
added 2022/07/13 12:0 a.m. | 26 views

Anakin path traversal vulnerability

Anakin is a cross-platform, high-performance inference engine open-sourced by PaddlePaddle. Anakin 0.1.1 and earlier versions have a path traversal vulnerability that stems from a failure of Flask's send_file function to properly filter special elements in resource or file paths, which could be...

CVSS 9.3 | AI score 3.6 | EPSS 0.00432
Exploits: 1 | References: 1
CNVD
added 2022/07/13 12:0 a.m. | 30 views

flask-mongo-skel path traversal vulnerability

flask-mongo-skel is a Flask MongoDB framework by individual developer Shamail Tayyab. flask-mongo-skel 2012-11-01 and earlier versions contain a path traversal vulnerability that stems from a failure of Flask's send_file function to properly filter resource or file paths for The vulnerability is...

CVSS 9.3 | AI score 2.8 | EPSS 0.00432
Exploits: 1 | References: 1
CNVD
added 2022/07/13 12:0 a.m. | 21 views

Fan_Platform path traversal vulnerability

Fan_Platform is a UI automation platform backend by individual developer Caoyongqi912. 2021-04-20 and earlier versions of Fan_Platform are vulnerable to a path traversal vulnerability, which stems from the failure of Flask's send_file function to properly filter special elements in resourc...

CVSS 9.3 | AI score 4.2 | EPSS 0.00432
Exploits: 1 | References: 1
CNVD
added 2022/07/13 12:0 a.m. | 29 views

AutomatedQuizEval path traversal vulnerability

AutomatedQuizEval, an automated quiz evaluation system by individual developer Sravani Boinepelli, suffers from a path traversal vulnerability that stems from the failure of Flask's send_file function to properly filter special elements in resource or file paths, which could be exploited by...

CVSS 9.3 | AI score 4.5 | EPSS 0.00432
Exploits: 1 | References: 1
CNVD
added 2022/07/13 12:0 a.m. | 25 views

flask-file-server path traversal vulnerability

flask-file-server is a file server with a front-end for browsing, uploading, and streaming files, by individual developer Wildog. flask-file-server 2020-02-20 and earlier versions are vulnerable to a path traversal vulnerability that stems from a failure of Flask's send_file function to properly...

CVSS 9.3 | AI score 3.6 | EPSS 0.00432
Exploits: 1 | References: 1
Exploit DB
added 2022/06/14 12:0 a.m. | 298 views

Real Player 16.0.3.51 - 'external::Import()' Directory Traversal to Remote Code Execution (RCE)

Exploit Title: Real Player 16.0.3.51 - 'external::Import' Directory Traversal to Remote Code Execution (RCE); Google Dork: n/a; Date: May 31, 2022; Exploit Author: Eduardo Braun Prado; Vendor Homepage: http://real.com/; Software Link: http://real.com/; Version: ver. 16.00.282, 16.0.3.51, Cloud 17.0.9.17,...

AI score 7.4
Exploits: 0
GitHub Security Blog
added 2022/05/24 5:15 p.m. | 15 views

Divante vue-storefront-api and storefront-api disclose stack trace

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...

CVSS 5.3 | AI score 6.8 | EPSS 0.02734
Exploits: 1 | References: 6 | Affected Software: 2
OSV
added 2022/05/24 5:15 p.m. | 13 views

GHSA-9WXJ-37P8-49FF Divante vue-storefront-api and storefront-api disclose stack trace

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...

CVSS 5.3 | AI score 5.1 | EPSS 0.02734
Exploits: 1 | References: 5