4 matches found
EUVD-2026-8517
The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path...
org.apache.rocketmq:rocketmq-container (>=5.0.0 <=5.1.0), org.apache.rocketmq:rocketmq-dashboard (=2.0.0) +2 more potentially affected by CVE-2023-33246 via org.apache.rocketmq:rocketmq-broker (>=5.0.0 <=5.1.0)
org.apache.rocketmq:rocketmq-broker MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.1.0 Source cves: CVE-2023-33246 Source advisory: OSV:GHSA-X3CQ-8F32-5F63...
PT-2019-12159 · Sunnet · Sunnet Wmpro
Name of the Vulnerable Software and Affected Versions: SUNNET WMPro versions 5.0 through 5.1 Description: The issue concerns an OS Command Injection vulnerability. It can be exploited via the "/teach/course/doajaxfileupload.php" API endpoint without requiring authentication. Recommendations: For...
mysql: Unspecified vulnerability allows remote authenticated users to affect availability
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors...