15 matches found
Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands
Impact: The LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences (e.g., ../../../etc/passwd) to: - Read arbitrary files from the file system accessible to the...
Remote Code Execution (RCE)
Indico is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of LaTeX input allowing bypass via crafted syntax, which allows an attacker to read local files or execute arbitrary code on the server when LaTeX rendering is enabled...
EUVD-2021-26673
Malware in sbrugna...
EUVD-2021-13281
Malware in sbrugna...
CVE-2021-3342
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI...
CVE-2021-26476
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...
SUSE CVE-2009-1171
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file...
CVE-2021-26476
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...
CVE-2021-26476
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...
CVE-2021-3342
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI...
Design/Logic Flaw
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...
CVE-2021-3342
CVE-2021-3342 affects EPrints 3.4.2 and allows remote attackers to read arbitrary files and potentially execute commands by supplying crafted LaTeX to the cgi/latex2png?latex= URI. The connected documents corroborate an arbitrary file read vulnerability in EPrints 3.4.2 with remote access via the...
CVE-2021-26476
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...
CVE-2021-26476
CVE-2021-26476 affects EPrints 3.4.2, where a remote attacker can cause command injection by sending crafted LaTeX input to a cgi/cal?year= URI, enabling execution of OS commands. This is described as a remote, unauthenticated, network-based impact with partial confidentiality, integrity, and ava...
EPrints OS Command Injection Vulnerability
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. An arbitrary file read vulnerability exists in EPrints 3.4.2. A remote attacker can exploit this vulnerability by entering a specially crafted LaTeX into cgi/latex2png?latex=...