3319 matches found

Vulnrichment
added 2022/07/12 8:35 p.m. · 6 views

CVE-2022-31134 Zulip Server public data export contains attachments that are non-public

Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 and above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many...

4.9 CVSS · 5 AI score · 0.00401 EPSS
Exploits 0 · References 3

Cvelist
added 2022/07/12 8:35 p.m. · 14 views

CVE-2022-31134 Zulip Server public data export contains attachments that are non-public

Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 and above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many...

4.9 CVSS · 5.3 AI score · 0.00401 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/07/12 12:0 a.m. · 1 views

PT-2022-3931 · Sap · Sap Successfactors +1

Name of the Vulnerable Software and Affected Versions: SAP SuccessFactors (affected versions not specified)
Description: The issue is related to misconfigured application endpoints in SAP SuccessFactors attachment APIs, allowing attackers with user privileges to perform activities with admin...

9.4 CVSS · 7.6 AI score · 0.00231 EPSS
Exploits 0 · References 5

Prion
added 2022/07/06 6:15 p.m. · 13 views

Design/Logic Flaw

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...

4 CVSS · 4.7 AI score · 0.00153 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2022/07/06 5:55 p.m. · 18 views

CVE-2022-31131 Ownership check missing when updating or deleting mail attachments in Nextcloud mail

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...

5.4 CVSS · 5.7 AI score · 0.00153 EPSS
Exploits 1 · References 3

Vulnrichment
added 2022/07/06 5:55 p.m. · 4 views

CVE-2022-31131 Ownership check missing when updating or deleting mail attachments in Nextcloud mail

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...

5.4 CVSS · 5.8 AI score · 0.00153 EPSS
Exploits 1 · References 3

OSV
added 2022/07/06 5:55 p.m. · 11 views

CVE-2022-31131 Ownership check missing when updating or deleting mail attachments in Nextcloud mail

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...

5.4 CVSS · 4.5 AI score · 0.00153 EPSS
Exploits 1 · References 5

Nextcloud
added 2022/07/06 5:18 p.m. · 21 views

Ownership check missing when updating or deleting mail attachments

None...

5.4 CVSS · 4.8 AI score · 0.00153 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2022/07/06 12:0 a.m. · 3 views

PT-2022-20551 · Nextcloud · Nextcloud Mail

Name of the Vulnerable Software and Affected Versions: Nextcloud mail versions prior to 1.12.2
Description: The issue concerns missing user account ownership checks when performing tasks related to mail attachments in Nextcloud mail, potentially exposing attachments to incorrect system users...

5.4 CVSS · 4.4 AI score · 0.00153 EPSS
Exploits 1 · References 9

Nextcloud
added 2022/07/04 11:8 a.m. · 21 views

SMTP Command Injection in iCalendar Attachments to emails via newlines

None...

5.4 CVSS · 4.7 AI score · 0.00779 EPSS
Exploits 1 · References 2 · Affected Software 1

Fedora
added 2022/07/04 1:35 a.m. · 21 views

[SECURITY] Fedora 36 Update: containerd-1.6.6-4.fc36

Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

9.3 CVSS · 8.9 AI score · 0.00963 EPSS
Exploits 4

ATTACKERKB
added 2022/06/27 11:15 p.m. · 9 views

CVE-2022-32994

Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload...

9.8 CVSS · 5.8 AI score · 0.00499 EPSS
Exploits 1 · References 2

CVE
added 2022/06/27 10:15 p.m. · 436 views

CVE-2022-32994

CVE-2022-32994 affects Halo CMS v1.5.3, with an arbitrary file upload vulnerability exposed via the /api/admin/attachments/upload component. The root cause is not explicitly described in the connected documents beyond the upload endpoint vulnerability. NVD lists a HIGH/CRITICAL impact profile (CV...

9.8 CVSS · 9.5 AI score · 0.00499 EPSS
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2022/06/27 12:0 a.m. · 3 views

Halo Code Issue Vulnerability

Halo is a personal blog system for individual developers. A security vulnerability exists in Halo CMS version 1.5.3, which is caused by a file upload issue on the /api/admin/attachments/upload page...

9.8 CVSS · 8.4 AI score · 0.00499 EPSS
Exploits 1 · References 2

Prion
added 2022/06/24 5:15 p.m. · 12 views

Cross site scripting

An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, filedownload.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScri...

3.5 CVSS · 5.3 AI score · 0.00251 EPSS
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2022/06/24 12:0 a.m. · 2 views

MantisBT Cross-Site Scripting Vulnerability

MantisBT is a web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services through web operations. A cross-site scripting vulnerability exists in MantisBT versions prior to 2.25.5, which originated from a...

5.4 CVSS · 5.6 AI score · 0.00251 EPSS
Exploits 1 · References 4

OSV
added 2022/06/21 3:15 p.m. · 1 views

CVE-2022-33995

A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location...

7.5 CVSS · 5.9 AI score
Exploits 0 · References 1

ATTACKERKB
added 2022/06/21 3:15 p.m. · 4 views

CVE-2022-33995

A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location...

7.5 CVSS · 6 AI score · 0.00412 EPSS
Exploits 0 · References 2

Prion
added 2022/06/21 3:15 p.m. · 7 views

Path traversal

A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location...

5 CVSS · 7.6 AI score · 0.00412 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/06/21 2:37 p.m. · 12 views

CVE-2022-33995

A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location...

7.8 AI score · 0.00412 EPSS
Exploits 0 · References 1