PT-2024-15622 · Unknown · Zhongfucheng3Y Austin
Name of the Vulnerable Software and Affected Versions: ZhongFuCheng3y Austin version 1.0 Description: A critical issue affects the getFile function of the MaterialController.java file in the Upload Material Menu component, leading to unrestricted upload. The exploit has been disclosed to the publ...
Austin security breach
Austin is a message push platform. A security vulnerability exists in ZhongFuCheng3y Austin version 1.0, which originates from a security issue in the getFile function in the com/java3y/austin/web/controller/MaterialController.java in the component Upload Material Menu. function in the component...
PT-2023-32791 · Kalcaddle · Kodexplorer
Name of the Vulnerable Software and Affected Versions: kalcaddle KodExplorer versions up to 4.51.03 Description: A critical issue affects the API Endpoint Handler component, specifically the /index.php?pluginApp/to/yzOffice/getFile file. The manipulation of the path/file argument leads to...
python3 security update
3.6.8-19.0.1 - Remove the 'getfile' feature of pydoc [Orabug: 33182027] [CVE-2021-3426] - Fix buffer overflow in PyCArg_repr [Orabug: 32551171] [CVE-2021-3177] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] 3.6.8-19 - Security fix for CVE-2023-24329 - Fix the test suite support for Expat =...
WordPress Plugin Media Downloader Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-10158 · Unknown · Media Downloader Plugin
Name of the Vulnerable Software and Affected Versions: Media Downloader Plugin version 0.1.992 Description: A vulnerability was found in the Media Downloader Plugin, affecting the dl_file_resumable function of the getfile.php file. The manipulation of the file argument leads to cross-site...
PT-2022-27673 · Unknown · Planet Estream
Name of the Vulnerable Software and Affected Versions: Planet eStream versions prior to 6.72.10.07 Description: The issue allows directory traversal to read arbitrary local files through the GetFile.aspx page. Recommendations: For versions prior to 6.72.10.07, update to version 6.72.10.07 or late...
Path Traversal
Apache Ivy is vulnerable to path traversal. The vulnerability exists due to a lack of file path pattern checks in the getCachedDataFile function of DefaultRepositoryCacheManager.java, allowing an attacker to overwrite files outside of the local cache by using ../ in artifact coordinates...
CLSA-2022-1653920195 Fixed CVEs in python3: CVE-2021-3737, CVE-2021-3426, CVE-2021-4189, CVE-2022-0391
CVE-2021-3426: Remove the pydoc getfile feature which could lead to information disclosure rhbz1935913 - CVE-2021-3737: urllib: HTTP client possible infinite loop on a 100 Continue response rhbz2036020 - CVE-2021-4189: ftplib should not use the host from the PASV response rhbz2036020 -...
CVE-2021-32937
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be...
Design/Logic Flaw
A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function loo...
CVE-2022-26484
An issue was discovered in Veritas InfoScale Operations Manager VIOM before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via...
CLSA-2021-1638804072 Fix CVE(s): CVE-2021-3426
SECURITY UPDATE: directory traversal - debian/patches/CVE-2021-3426.patch: remove 'getfile' feature from pydoc which can be used to leak sensitive data to unauthorized actors. - CVE-2021-3426...
Python < 3.6.14, 3.7.x < 3.7.11, 3.8.x < 3.8.9, 3.9.x < 3.9.3 Python Issue (bpo-42988) - Mac OS X
Python is prone to an information disclosure vulnerability via pydoc getfile.
MDT AutoSave Information Disclosure Vulnerability
MDT AutoSave is a software application. It provides an automated change management function. An information disclosure vulnerability exists in MDT AutoSave, which stems from the lack of security restrictions on the working directory, and allows an attacker to obtain information about a temporary...
CVE-2021-3426
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to...
Arbitrary File Read
python3.5 is vulnerable to arbitrary file read. Running pydoc -p allows other local users to extract arbitrary files. The /getfile?key=path URL allows reading arbitrary files on the file system...
CVE-2019-1000031
A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf WordPress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in...
PT-2019-11530 · WordPress · Article2Pdf
Name of the Vulnerable Software and Affected Versions: article2pdf WordPress plugin versions 0.24 through 0.27 Description: An Information Disclosure / Data Modification issue exists in the article2pdf getfile.php file. A URL can be constructed to override the PDF file's path, allowing the downlo...
Claymore Dual GPU miner directory traversal vulnerability
Claymore Dual GPU miner is a GPU monitoring software for mining virtual currency computing. A directory traversal vulnerability exists in the remote management interface in Claymore Dual GPU miner version 10.1. A remote attacker could exploit this vulnerability by sending a pathname to minerfile ...