Abstrium Pydio Cells Input Validation Error Vulnerability (CNVD-2020-33353)

Abstrium Pydio Cells is a next-generation file-sharing platform developed in the Go language by Abstrium France. A security vulnerability exists in Abstrium Pydio Cells version 2.0.4. The vulnerability can be exploited to allow an attacker to execute arbitrary binaries...

CVE-2020-12847

CVE-2020-12847 affects Pydio Cells 2.0.4. An authenticated administrator can modify the mailer configuration (sendmail engine) and change the path to the sendmail binary without restriction, allowing execution of an arbitrary binary on the server. This is part of a set of vulnerabilities disclose...

CVE-2019-11200

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. Malicious binaries can be...

UBUNTU-CVE-2019-11200

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. Malicious binaries can be...

Input validation

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. Malicious binaries can be...

USN-4047-1 libvirt vulnerabilities

Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile...

cvs security problem

I found two security problems in cvs-1.10.8. 1 A committer can execute any binary in server using CVS/Checkin.prog or CVS/Update.prog. A committer can execute arbitrary binary on a cvs server using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when t...

cvs-1.10.8.txt

I found two security problems in cvs-1.10.8. 1 A committer can execute any binary in server using CVS/Checkin.prog or CVS/Update.prog. A committer can execute arbitrary binary on a cvs server using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when t...

CVS Kit CVS Server 1.10.8 - 'Checkin.prog' Binary Execution

source: https://www.securityfocus.com/bid/1524/info A CVS committer can execute arbitrary binaries by using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when the directory is "checkout"ed and it is sent back to the server and executed with committin...

CVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution

CVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution source: https://www.securityfocus.com/bid/1524/info A CVS committer can execute arbitrary binaries by using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when the directory is "checkout"ed and...