3343 matches found
CVE-2022-32994
CVE-2022-32994 affects Halo CMS v1.5.3, with an arbitrary file upload vulnerability exposed via the /api/admin/attachments/upload component. The root cause is not explicitly described in the connected documents beyond the upload endpoint vulnerability. NVD lists a HIGH/CRITICAL impact profile (CV...
The vulnerability of the Attachments component in Oracle Agile PLM allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the Attachments component in Oracle Agile PLM exists due to insufficient validation of input data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to the device through HTTP requests...
The vulnerability of components in the Oracle Applications Framework’s File Upload and Attachments programs allows a perpetrator to gain access to read data or modify data.
The vulnerability of the Attachments and File Upload components of the Oracle Applications Framework exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data or modify data using specially craft...
Halo code issue vulnerability
Halo is a personal blog system for individual developers. A security vulnerability exists in Halo CMS version 1.5.3, which is caused by a file upload issue on the /api/admin/attachments/upload page...
Cross site scripting
An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, filedownload.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScri...
MantisBT cross-site scripting vulnerability
MantisBT is a web-based open source defect tracking system developed by the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in MantisBT versions prior to 2.25.5, which originated from a...
CVE-2022-33995
A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location...
Path traversal
A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location...
The vulnerability of the Attachments/File Upload sub-component of the Oracle Applications Framework in the Oracle E-Business Suite allows a perpetrator to modify data or gain unauthorized access to protected information.
The vulnerability of the Attachments/File Upload sub-component of the Oracle Applications Framework in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to modify data or gain unauthorized access ...
[SECURITY] Fedora 35 Update: containerd-1.6.6-1.fc35
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
[SECURITY] Fedora 36 Update: containerd-1.6.6-1.fc36
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
WordPress Auto Delete Posts plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Auto Delete Posts plugin version 1.3.0 and earlier is vulnerable to cross-site request forgery, whi...
CVE-2022-1779
The Auto Delete Posts WordPress plugin through 1.3.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and delete specific posts, categories and attachments at once...
CVE-2022-1779
The CVE-2022-1779 vulnerability affects the WordPress plugin Auto Delete Posts up to version 1.3.0. The issue is a missing CSRF check when updating plugin settings, enabling a logged‑in administrator to alter settings via CSRF and trigger deletion of specific posts, categories, and attachments. T...
Potent Emotet Variant Spreads Via Stolen Email Credentials
Emotet’s resurgence in April seems to be the signal of a full comeback for what was once dubbed “the most dangerous malware in the world,” with researchers spotting various new malicious phishing campaigns using hijacked emails to spread new variants of the malware. The “new and improved” version...
CVE-2022-24241
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp...