65 matches found
GHSA-9RJP-R58J-FXGQ Path traversal in elFinder.NetCore
This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...
CVE-2021-23428
This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...
Path traversal
This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...
CVE-2021-23428 Directory Traversal
This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...
CVE-2021-23428
This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...
elFinder 输入验证错误漏洞
elFinder is a set of Drupal-based platform , open source AJAX file manager . The product provides multiple file uploads, image scaling, and other features. A security vulnerability exists in all versions of elFinder.NetCore in Snyk. The vulnerability is due to a lack of checking of user input and...
Directory Traversal
Overview elFinder.NetCore is a file manager for Web. Affected versions of this package are vulnerable to Directory Traversal. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to...
Mcafee McAfee Agent 授权问题漏洞
The McAfee McAfee Agent MA is a set of client components from McAfee, Inc. that provides secure communications between ePolicy Orchestrator the antivirus management platform and managed products. A security vulnerability exists in McAfee Agent for Windows prior to 5.7.1, which stems from a lack o...
UBUNTU-CVE-2020-15175
In GLPI before version 9.5.2, the pluginimage.send.php endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”...
PT-2020-14248 · Teclib +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.2 Description: The issue allows a user to specify an image from a plugin through the "pluginimage.send.php" endpoint. The parameters can be maliciously crafted to delete the .htaccess file for the files directory,...
CVE-2019-3567
In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permission...
Directory traversal
An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using "../" directory traversal...
Microsoft Office Suite Remote Code Execution Vulnerability (KB3178702)
This host is missing a critical update for Microsoft Office Suite according to Microsoft security update KB3178702. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Fast Autocomplete - Critical - DOS vulnerability - SA-CONTRIB-2016-016
This module enables you to show IMDB-like suggestions when entering terms into an input field using json files to "cache" suggestions making the autocomplete very fast. The module doesn't sufficiently validate the incoming language parameter in the request path when a json file of the module is...
Race condition
Race condition in Lenovo System Update formerly ThinkVantage System Update before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated...
SA-CONTRIB-2014-029 - Mime Mail - Access Bypass
The MIME Mail module allows to send MIME-encoded e-mail messages with embedded images and attachments. By default the module only allows files to be embedded or attached that are located in the public files directory. The module doesn't sufficiently check the file location, considering similar...
FreeBSD : drupal -- multiple vulnerabilities (d9649816-5e0d-11e3-8d23-3c970e169bc2)
Drupal Security Team reports : Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. - Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 - Multiple vulnerabilities due to weakness in pseudorandom numb...
Nagios Looking Glass Addon for Nagios server/s3_download.php File Disclosure
The Nagios Looking Glass Addon for Nagios installed on the remote host is affected by a file disclosure vulnerability. By sending a specially crafted request to the Addon's 'server/s3download.php' script, a remote, unauthenticated attacker can leverage this vulnerability to obtain the contents of...
drupal -- multiple vulnerabilities
Drupal Security Team reports: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Multiple vulnerabilities due to weakness in pseudorandom number...
Safe Returner 1.27.5 Commandline Vulnerability
Exploit for windows platform in category local exploits ============================================== Safe Returner 1.27.5 Commandline Vulnerability ============================================== Exploit Title : Commandline vulnerability Date : 27 Oct 2010 Author : STRELiTZIA Software : Safe...