3319 matches found
CVE-2024-29196 phpMyFAQ Path Traversal in Attachments
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6...
CVE-2024-29179 phpMyFAQ Stored Cross-site Scripting at File Attachments
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...
phpMyFAQ Stored Cross-site Scripting at File Attachments
Summary: An attacker with admin privileges can upload an attachment containing JS code without an extension, and the application will render it as HTML, which allows for XSS attacks. Details: When attachments are uploaded without an extension, the application renders them as HTML by default. Therefore...
GHSA-MMH6-5CPF-2C72 phpMyFAQ Path Traversal in Attachments
Summary: There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. PoC: 1. In settings, the attachment location is vulnerable to path traversal and can be set to e.g. ..\hacked 2. When the above is set...
CVE-2024-30204
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments...
AZL-37106 CVE-2024-30204 affecting package emacs for versions less than 29.3
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments...
DEBIAN-CVE-2024-30204
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments...
UBUNTU-CVE-2024-30204
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments...
PT-2024-22799 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.6 Description: There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This issue can be exploited by remote...
CVE-2024-30204
CVE-2024-30204 (Emacs) affects Emacs before 29.3, where LaTeX preview is enabled by default for e‑mail attachments, potentially enabling denial of service. Connected advisories from multiple vendors confirm the issue and recommend upgrading Emacs to a version including the fix (≥29.3). In practic...
PT-2024-2371 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions 8.1 and later Description: The issue is related to the lack of protection for the web page structure, allowing an attacker to conduct cross-site scripting (XSS) attacks using specially crafted .html files. An attacker with adm...
Emacs Security Vulnerability
GNU Emacs is a family of text editors from the American GNU community. GNU Emacs suffers from a security vulnerability that stems from LaTeX preview being enabled by default for e-mail attachments. No details of the vulnerability are provided at this time...
PT-2024-23253 · Emacs +7 · Emacs +7
Name of the Vulnerable Software and Affected Versions: Emacs versions prior to 29.3 Description: The issue is related to LaTeX preview being enabled by default for e-mail attachments in Emacs. This could potentially allow attackers to execute remote code. There is no information provided about th...
PT-2024-22317 · Unknown · Weasyprint
Name of the Vulnerable Software and Affected Versions: WeasyPrint versions 61.0 through 61.1 Description: WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, ev...