Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary Java script via the filename parameter...

WordPress plugin Team Member 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPres...

PT-2024-35223 · Unknown · Team Members

Name of the Vulnerable Software and Affected Versions: Team Member versions n/a through 7.3 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This allows for potential remote file inclusion...

PT-2024-36103 · Codegear · Codegearthemes Designer

Name of the Vulnerable Software and Affected Versions: CodegearThemes Designer versions 1.3.3 and earlier Description: The issue is related to improper control of filename for include/require statement in PHP program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local...

PT-2024-36436 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0 Description: A Stored Cross Site Scripting XSS issue was found in the /teacher avatar.php file. This allows remote attackers to execute arbitrary JavaScript via the filename parameter...

AZL-54094 CVE-2024-53142 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...

CVE-2024-53142

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...

DEBIAN-CVE-2024-53142

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...

UBUNTU-CVE-2024-53142

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...

CVE-2024-53142

CVE-2024-53142: Linux kernel initramfs fix for filename buffer overrun. Root cause: during initramfs cpio extraction, the do_name() path passed a non-zero-terminated filename to kernel file operations, allowing trailing bytes from uninitialized memory to be incorporated into a created path. Impac...

CVE-2024-53142 initramfs: avoid filename buffer overrun

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...

VulnCheck KEV: CVE-2024-39914

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34...

whapa 安全漏洞

Whapa is a WhatsApp parser toolset by the individual developer Ivan Moreno. A security vulnerability exists in whapa version v1.59, which stems from vulnerability to a command injection attack via a carefully crafted filename for the HTML reporting component...

CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

SUSE CVE-2024-53848

check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...

Mobile Security Framework 安全漏洞

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

CVE-2024-53739

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion.This issue affects Cryptocurrency Widgets For Elementor: from n/a through 1.6.4...

CVE-2024-53848

check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...

CVE-2024-53848 check-jsonschema default caching for remote schemas allows for cache confusion

check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...

CVE-2024-53848

The CVE-2024-53848 issue affects the check-jsonschema tool (and related advisories) where the default caching uses the remote schema basename (e.g., https://example.org/schema.json) as the cache filename. This can allow a malicious schema URL to overwrite or be substituted in the cache leading to...