2133 matches found
CVE-2024-10672
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpgupsertprojectsourceblock function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with...
CVE-2024-10672
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpgupsertprojectsourceblock function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with...
CVE-2024-10672
CVE-2024-10672: The Multiple Page Generator Plugin – MPG for WordPress is vulnerable to directory traversal that enables authenticated attackers with editor-level access (and higher) to delete limited server files. Affected versions are
WordPress plugin Multiple Page Generator Plugin – MPG 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Multiple...
CVE-2024-10470
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it...
CVE-2024-10470 WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it...
CVE-2024-10626
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteuploadedfile function in all versions up to, and including, 17.7. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-10625
CVE-2024-10625 affects the WooCommerce Support Ticket System plugin for WordPress. It enables unauthenticated deletion of arbitrary files via delete_tmp_uploaded_file() due to insufficient path validation in versions up to 17.7, with potential remote code execution when critical files (e.g., wp-c...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
python-django: Potential directory-traversal in django.core.files.storage.Storage.save()
A vulnerability was found in Python-Django in the Derived classes of the django.core.files.storage.Storage base class that overrides the generatefilename without replicating the file path validations existing in the parent class. This flaw allows potential directory traversal via certain inputs...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...