8767 matches found

GithubExploit
added 2022/01/09 4:23 p.m. · 981 views

Exploit for Deserialization of Untrusted Data in H2Database H2

CVE-2021-42392-Detect About The script detects vulnerable H2...

CVSS 10 · AI score 9.4 · EPSS 0.63211
Exploits: 3

Positive Technologies
added 2022/01/05 12:0 a.m. · 4 views

PT-2022-7288

Name of the Vulnerable Software and Affected Versions: ruby-git versions prior to v1.13.0 Description: The issue is related to incorrect code generation management in the Ruby/Git library, allowing a remote authenticated attacker to execute arbitrary Ruby code. This can be achieved by having a user...

CVSS 9.8 · AI score 7.9 · EPSS 0.04606
Exploits: 1 · References: 39

Positive Technologies
added 2022/01/05 12:0 a.m. · 3 views

PT-2022-7287

Name of the Vulnerable Software and Affected Versions: ruby-git versions prior to v1.13.0 Description: The issue is related to incorrect code generation management in the Ruby/Git library, allowing a remote authenticated attacker to execute arbitrary Ruby code. This can be achieved by having a user...

CVSS 9.8 · AI score 7.7 · EPSS 0.04606
Exploits: 1 · References: 39

Cvelist
added 2022/01/03 9:7 p.m. · 19 views

CVE-2021-20148

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another...

AI score 5.2 · EPSS 0.01116
Exploits: 1 · References: 1

Snyk
added 2021/12/23 8:30 p.m. · 1 views

Arbitrary File Write

Overview: github.com/kataras/iris is a fast, simple yet fully featured and very efficient web framework for Go. Affected versions of this package are vulnerable to Arbitrary File Write. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to...

CVSS 8.8 · AI score 7.1 · EPSS 0.01822
Exploits: 1 · References: 2

Tenable Nessus
added 2021/12/18 12:0 a.m. · 100 views

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALAS-2021-001) (deprecated)

This plugin has been deprecated following detection of an issue with overlapping filenames. Deprecated by al2ALASCORRETTO8-2021-001.nasl plugin ID 160410 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2 Security Advisory...

AI score 0.3 · EPSS 0.99999
Exploits: 348 · References: 5

Veracode
added 2021/12/17 4:24 a.m. · 19 views

Command Injection

com.itextpdf:io is vulnerable to command injection. An attacker is able to inject and execute malicious commands on vulnerable systems due to a mishandled CompareTool filename on the ghostscript command line in GhostscriptHelper.java...

CVSS 9.8 · AI score 2.9 · EPSS 0.05215
Exploits: 1 · References: 6 · Affected Software: 2

RedHat Linux
added 2021/12/16 4:38 p.m. · 5 views

golang: archive/zip: Reader.Open panics on empty string

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument...

CVSS 7.5 · AI score 7.1 · EPSS 0.03051
Exploits: 0 · References: 5

OSV
added 2021/12/16 3:15 a.m. · 1 views

DEBIAN-CVE-2021-45086

XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 because a server's suggestedfilename is used as the pdfname value in PDF.js...

CVSS 6.1 · AI score 6 · EPSS 0.01294
Exploits: 1 · References: 1

Github Security Blog
added 2021/12/16 12:2 a.m. · 44 views

Command injection in itext7-core

iTextPDF in iText before 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...

CVSS 9.8 · AI score 3.6 · EPSS 0.05215
Exploits: 1 · References: 7 · Affected Software: 2

OSV
added 2021/12/15 7:15 a.m. · 22 views

CVE-2021-43113

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...

CVSS 9.8 · AI score 7
Exploits: 0 · References: 5

OSV
added 2021/12/15 7:15 a.m. · 2 views

DEBIAN-CVE-2021-43113

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...

CVSS 9.8 · AI score 8.1 · EPSS 0.05215
Exploits: 1 · References: 1

UbuntuCve
added 2021/12/15 7:15 a.m. · 23 views

CVE-2021-43113

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...

CVSS 9.8 · AI score 7.1 · EPSS 0.05215
Exploits: 1 · References: 2

OSV
added 2021/12/15 7:15 a.m. · 0 views

UBUNTU-CVE-2021-43113

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...

CVSS 9.8 · AI score 7.3 · EPSS 0.05215
Exploits: 1 · References: 3

Positive Technologies
added 2021/12/15 12:0 a.m. · 2 views

PT-2021-23745 · Unknown +1 · Ghostscript +1

Name of the Vulnerable Software and Affected Versions: iText versions prior to 7.1.17 Description: The issue allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java. This can occur when a malicious filename is provide...

CVSS 9.8 · AI score 8.8 · EPSS 0.05215
Exploits: 1 · References: 24

Vulnrichment
added 2021/12/15 12:0 a.m. · 1 views

CVE-2021-43113

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...

AI score 5.4 · EPSS 0.05215
Exploits: 1 · References: 5

Cvelist
added 2021/12/15 12:0 a.m. · 20 views

CVE-2021-43113

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...

AI score 9.8 · EPSS 0.05215
Exploits: 1 · References: 5

Cvelist
added 2021/12/14 7:20 p.m. · 12 views

CVE-2021-43828 Improper Privilege Management in Patrowl

PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management IDOR has been found in PatrowlManager. All imports findings file is placed under /media/imports// In that, ownerid is predictable and tmpfile is in format o...

CVSS 7.5 · AI score 7.8 · EPSS 0.01373
Exploits: 1 · References: 2

Cvelist
added 2021/12/13 3:27 a.m. · 16 views

CVE-2021-40858

Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring...

AI score 5.5 · EPSS 0.02394
Exploits: 4 · References: 3

OSV
added 2021/12/10 11:3 a.m. · 2 views

OESA-2021-1455 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 5.3 · AI score 6.8 · EPSS 0.25951
Exploits: 1 · References: 2