77 matches found
Vite server.fs.deny Bypass - Local File Inclusion
Vite is a frontend tooling framework for JavaScript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with the sec-fetch-dest: script header, the server.fs.deny restriction could be bypassed. This bypass is only possible if the file is smaller than...
EUVD-2018-10905
Malware in sbrugna...
EUVD-2017-7989
Malware in sbrugna...
EUVD-2013-4343
Malware in sbrugna...
EUVD-2015-2064
Malware in sbrugna...
EUVD-2022-4270
Malicious code in bioql PyPI...
EUVD-2023-54233
Malicious code in bioql PyPI...
WordPress plugin PowerPress Podcasting Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
Able to attach restricted files to Jira issues from Email
Issue Summary: From 9.15, admins can now restrict unwanted file extensions from being uploaded through issues. However, the restriction does not work when the attachment is sent via email. The files with restricted extensions are being uploaded to Jira issues. Reference: Restrict unwanted file...
PT-2024-8746 · Siemens · Tecnomatix Plant Simulation +1
Name of the Vulnerable Software and Affected Versions: Teamcenter Visualization versions prior to V14.2.0.14; Teamcenter Visualization versions prior to V14.3.0.12; Teamcenter Visualization versions prior to V2312.0008; Teamcenter Visualization versions prior to V2406.0005; Tecnomatix Plant Simulatio...
CVE-2024-49770
Summary: CVE-2024-49770 affects the Oak middleware framework used with Deno’s native HTTP server (and compatible runtimes). Before 17.1.3, an attacker could bypass the hidden-file restriction in Context.send by encoding a path separator as %2F, enabling potential read of sensitive files or server...
CVE-2024-42598
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admineditplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execut...
SUSE-SU-2024:2061-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Update to version 115.12.0 ESR bsc1226027 - CVE-2024-5702: Use-after-free in networking - CVE-2024-5688: Use-after-free in JavaScript object transplant - CVE-2024-5690: External protocol handlers leaked by timing attack - CVE-2024-5691:...
Download Manager < 3.2.83 - Unauthenticated Password Protected File Bypass
Description: The plugin is vulnerable to information disclosure, allowing unauthenticated attackers to bypass password protected file restrictions...
Google Chrome Data Forgery Problem Vulnerability (CNVD-2023-65156)
Google Chrome is a web browser from Google, an American company. A data forgery issue vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from insufficient data validation of Systems Extensions, and can be exploited by a remote attacker to bypass file restrictions vi...
CVE-2023-4369
Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. Chromium security severity: Medium...
Design/Logic Flaw
Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. Chromium security severity: Medium...