CVE-2023-25152 Symbolic Link (Symlink) Following in github.com/pterodactyl/wings
Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their...
CVE-2023-25152
Wings (Pterodactyl) contains a privilege-escalation vector in its server control plane: affected Wings Daemon versions allow an attacker with an existing allocated server to create new files/directories on the host, potentially changing resource allocations, promoting containers to privileged mod...
PT-2023-19953 · Pterodactyl · Wings
Name of the Vulnerable Software and Affected Versions: Wings versions prior to v1.11.4; Wings versions prior to v1.7.4. Description: This issue affects Wings, Pterodactyl's server control plane, allowing an attacker to delete files and directories recursively on the host system. The vulnerability c...
File Upload Vulnerability in Intelligent Park Comprehensive Management Platform of Zhejiang Dahua Technology Co. (CNVD-2023-16897)
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IoT solution provider and operation service provider. A file upload vulnerability exists in the integrated management platform of Zhejiang Dahua Technology Co., Ltd. that can be exploited by an attacker to gain...
Command Execution Vulnerability in TOTOLINK T8
The TOTOLINK T8 is a wireless dual-band router. A command execution vulnerability exists in TOTOLINK T8, which can be exploited by an attacker to gain control of the server...
GHSA-C2P4-8MVV-RWMV Apache Karaf vulnerable to potential code injection
This vulnerability is about a potential code injection when an attacker has control of the target LDAP server used in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource uses InitialContext.lookup(jndiName) without filtering. A...
Apache Karaf Security Vulnerability
Apache Karaf is a lightweight OSGi Java Dynamic Modular System container for deploying applications and components from the Apache Foundation. A security vulnerability exists in Apache Karaf versions prior to 4.3.8 and 4.4.x prior to 4.4.2, which stems from the use of JNDI LDAP data URIs configur...
CVE-2022-46135
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=editpost, through which we can upload a webshell and control the web server...
Design/Logic Flaw
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=editpost, through which we can upload a webshell and control the web server...
CVE-2022-46135
CVE-2022-46135 affects AeroCms v0.0.1. The vulnerability is an arbitrary file upload at /admin/posts.php?source=edit_post that enables uploading a webshell and taking control of the web server. Affected component is the upload endpoint in the admin/post editing flow; root cause details are consis...
CVE-2022-3483
Removed by vendor...
File Upload Vulnerability in Huatian Power Collaboration Office System
Dalian Huatian Software Co., Ltd. is a high-tech enterprise organized in accordance with the international advanced management mode and system, and is a collaborative management software company known for its leading technology. A file upload vulnerability exists in Huatian Power Collaboration...
CVE-2022-35957
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the Grafana instance. All...
File upload vulnerability exists in Tongda OA (CNVD-2022-70712)
Tongda OA is a mobile intelligent office application. There is a file upload vulnerability in Tongda OA, which can be exploited by attackers to gain control of the server...
Beijing Missy Technology Co., Ltd. Play Whale app has a file upload vulnerability
Play Whale app is a sound dating software. A file upload vulnerability exists in the Play Whale app of Beijing Missy Technology Co., Ltd., which an attacker can use to obtain control of the server...
Remote Code Execution Vulnerability in Damon 7 Database Kirin Edition
Wuhan Damon Database Co., Ltd. is a big data platform company specializing in big data platform architecture consulting, data technology solution planning, and product deployment and implementation. A remote code execution vulnerability exists in Damon 7 Database Kirin Edition, which ca...
Command Execution Vulnerability in Garage Management System (CNVD-2022-59849)
Garage Management System is an easy-to-use garage management system that provides a complete garage management solution. A command execution vulnerability exists in Garage Management System that can be exploited by an attacker to gain control of the server...
Billing System Arbitrary Code Execution Vulnerability
Billing System is an easy-to-use billing system. An arbitrary code execution vulnerability exists in Billing System, which can be exploited by an attacker to gain control of the server...