129 matches found
UBUNTU-CVE-2023-24283
A crafted save file can cause a buffer overrun in the Guess puzzle...
UBUNTU-CVE-2023-24291
A crafted save file can cause a buffer overrun in Simon Tatham's Portable Puzzle Collection...
UBUNTU-CVE-2023-24284
A crafted save file can cause a buffer overrun in the Guess puzzle...
CVE-2023-24285
A crafted save file can cause a buffer overrun in the Netslide puzzle...
CVE-2023-24291
A crafted save file can cause a buffer overrun in Simon Tatham's Portable Puzzle Collection...
CVE-2022-39811
Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassin...
Covid-19 Travel Pass Management System Cross-Site Scripting Vulnerability
Covid-19 Travel Pass Management System is a Covid-19 travel pass management system. The Covid-19 Travel Pass Management System v1.0 version contains a cross-site scripting vulnerability that originates in /ctpms/classes/Users.php?f=save and lacks data validation filters for user-supplied data and...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by the window.showSaveFilePicker function that parses and returns environment variable values to the user when passing environment variables, which can be exploited by an attacker to...
Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug
The latest installment of the Dark Souls gaming franchise, Elden Ring, contains a security vulnerability that allows bad actors to throw players on PCs into an endless loop of losing their characters’ lives, rendering it essentially unplayable. Malwarebytes Labs researcher Christopher Boyd said...
Unspecified vulnerability in ZZCMS licence_save.php file
ZZCMS is a content management system (CMS) by the ZZCMS team in China. A security vulnerability exists in the user/licence_save.php file in ZZCMS 8.3 and earlier versions. An attacker can exploit the vulnerability to execute code...
Buffer overflow
A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to at least crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c...
CVE-2019-11360
A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to at least crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c...
FruityWifi Code Execution Vulnerability
FruityWifi is a wireless network auditing tool. A security vulnerability exists in the www/modules/save.php file in FruityWifi 2.4 and earlier versions. A remote attacker can exploit this vulnerability by sending a specially crafted 'modname' parameter via a POST request to execute arbitrary code...
MetInfo Cross-Site Scripting Vulnerability (CNVD-2018-08331)
MetInfo is a content management system (CMS) developed using PHP and MySQL by China Mito Information Technology Ltd. A cross-site scripting vulnerability exists in the save.php file in MetInfo version 6.0. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML...
ZZCMS user/licence_save.php file arbitrary file deletion vulnerability
ZZCMS is a content management system (CMS) used to quickly build merchant-type websites. A security vulnerability exists in the user/licence_save.php file in ZZCMS version 8.2. The vulnerability can be exploited by a remote attacker to delete arbitrary files with the 'oldimg' parameter in an...
CVE-2017-1000383
GNU Emacs version 25.3.1 (and most likely other versions) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~"), resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary...
CVE-2017-1000383
CVE-2017-1000383 affects GNU Emacs (notably version 25.3.1) and possibly other versions. The vulnerability stems from Emacs creating backup save files ("[ORIGINAL_FILENAME]~") without honoring the process umask, which can result in backup files being world-readable or otherwise exposed beyond the...
WebsiteBaker Arbitrary PHP Code Execution Vulnerability
WebsiteBaker is an open source PHP content management system (CMS) maintained and developed by the WebsiteBaker organization. The system supports WYSIWYG editor, search engine optimization and add-ons. A security vulnerability exists in the install\save.php file in WebsiteBaker version 2.10.0. The...
Code injection
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/apptheme/libs/savefile.php" and then execute code...