MAL-2026-613 Malicious code in fastpi (PyPI)
Source: kam193 2928970260fda87aaa57272b8042ae1a9661ad1a1bdeec1e73903e84ce3354cd. Malicious copy of the legitimate FastAPI. The modification loads code encrypted in one of the attached files. The final, highly obfuscated code is most likely...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an unvalidated upload type, which may result in the upload of a non-attached file type. The following versions are affected: 10.8.3 and...
Improper Access Control
github.com/mattermost/mattermost/ is vulnerable to Improper Access Control. The vulnerability is due to a failure in restricting the access of files attached to posts in an archived channel even if the Allow users to view archived channels option is disabled. This may lead to leak of sensitive...
Nextcloud: Possibility to delete files attached to deck cards of other users
Hi everyone, hope you are well! I am here to report an IDOR vulnerability in the Deck application of Nextcloud, allowing the deletion of any attached files on any cards. Nextcloud Deck app version: latest stable 1.8.0. Steps To Reproduce: The Nextcloud Deck application now offers the ability to add ...
CVE-2018-13388
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in attached files...
RubyGems: Installer can modify other gems if gem name is specially crafted
The install_location function allows writing to certain files outside the installation directory. The install_location function in lib/rubygems/package.rb attempts to ensure that files are not installed outside destination_dir. However...
Atlassian Confluence XSS Vulnerability
Atlassian Confluence is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective rights holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting Vulnerability
Tempest Security Intelligence Advisory ADV-3/2016 - Atlassian Confluence version 5.9.12 is vulnerable to persistent cross-site scripting because it fails to securely validate user-controlled data, making it possible for an attacker to supply crafted input in order to harm users. The bug occu...
Uber: reopen #128853 (Information disclosure at lite.uber.com)
Issue #128853 occurs again. 1. Go to https://login.uber.com/oauth/v2/authorize?response_type=code&redirect_uri=https%3A%2F%2Flite.uber.com%2Fauth%2Fcallback&scope=profile%20history%20places%20historylite%20requestreceipt%20request%20paymentbaiduwallet&client_id=y-JJyZRABnEwbJQq4VdQPORo4EKqv0j 2...
CVE-2012-1103
emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply and can cause the files to be attached to the message...
Simple Machines Forum XSS / XSRF / PHP Execution
This is the first batch of vulnerabilities found by the SimpleAudit team from elhacker.net (http://labs.elhacker.net/simpleaudit). Our goal is to evaluate the security of SMF 2.0 before using it on our own server, and we have found several security vulnerabilities. The vulnerabilities that also appl...
Improper access control
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests...
CVE-2007-0506
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests...
Access to attached files in Lotus Notes (unauthorized access)
Without having access to a document, an unprivileged user can nevertheless gain access to a file attached to it...
Buffer overflow in Outlook Express
Buffer overflow triggered by a long MIME filename field for attached files in graphics formats...