33 matches found
Moodle - Cross-Site Scripting/Remote Code Execution
The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...
EUVD-2018-7819
Malware in sbrugna...
EUVD-2024-47195
Malicious code in bioql PyPI...
EUVD-2023-34966
Malicious code in bioql PyPI...
EUVD-2024-52190
Malicious code in bioql PyPI...
CVE-2024-53921
An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process...
Moodle 4.1.x < 4.1.3 Arbitrary Folder Creation
According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.3. It is, therefore, affected by an Arbitrary Folder creation in TinyMCE. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported versi...
CVE-2024-6037
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server...
PT-2024-35976 · Samsung · Samsung Magician
Name of the Vulnerable Software and Affected Versions: Samsung Magician version 8.1.0 Description: An issue was discovered in the installer of Samsung Magician on Windows, allowing an attacker to create arbitrary folders in the system permission directory via a symbolic link during the installati...
CVE-2024-6037 Arbitrary Folder Creation in gaizhenbiao/chuanhuchatgpt
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server...
CVE-2024-6037
The CVE-2024-6037 entry concerns gaizhenbiao/chuanhuchatgpt version 20240410. The connected documents provide concrete details: an attacker can create arbitrary folders anywhere on the server, including the root directory (for example, C: dir). This action leads to resource exhaustion and potenti...
Exploit for External Control of File Name or Path in Moodle
CVE-2023-28071
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Servi...
Dell Command Update Link Following Vulnerability
Dell Command Update is a tool from Dell USA used to automatically update drivers, BIOS and firmware in Dell products. A security vulnerability exists in Dell Command Update, Dell Update, Alienware Update version 4.9.0 and prior versions. An attacker could exploit the vulnerability to create...
PT-2023-4512 · Node.Js +2 · Node.Js +2
Name of the Vulnerable Software and Affected Versions: Node.js versions affected versions not specified Description: A vulnerability has been identified in the Node.js installation process, specifically affecting Windows users who install Node.js using the .msi installer. This issue arises during...
Moodle 4.1.x < 4.1.3 Arbitrary Folder Creation Vulnerability (MSA-23-0014)
Moodle is prone to an arbitrary folder creation vulnerability.
PT-2023-4763 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 4.1.x through 4.1.2 Moodle versions 4.2.x through 4.1.9 is not correct, the correct is: Moodle versions 4.2.x before 4.2.0 Description: The issue exists because the application allows a user to control the path of the folder t...
CVE-2018-15963
Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation...