3343 matches found
CVE-2022-26949
Archer 6.x through 6.9 SP2 P1 6.9.2.1 contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges...
CVE-2022-26949
Archer 6.x through 6.9 SP2 P1 6.9.2.1 contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges...
Improper access control
Archer 6.x through 6.9 SP2 P1 6.9.2.1 contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges...
CVE-2022-26949
CVE-2022-26949 affects Archer 6.x through 6.9 SP2 P1 (6.9.2.1). The issue is an improper access control on attachments, enabling a remote authenticated attacker to access files that should require higher privileges. Root cause: inadequate access controls on attachment handling. Impact stated: pot...
CVE-2022-26949
Archer 6.x through 6.9 SP2 P1 6.9.2.1 contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges...
Fedora: Security Advisory for containerd (FEDORA-2022-d9c9bf56f6)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for containerd (FEDORA-2022-230f2b024b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: containerd-1.6.1-1.fc35
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
[SECURITY] Fedora 34 Update: containerd-1.6.1-1.fc34
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
Nextcloud: SMTP Command Injection in iCalendar Attachments to Emails via Newlines
Note: This is similar to 1509216, but has a new source/attack vector. Apologies for not picking this up earlier. Summary: When users receive iCalendar attachments in Mail, there is an option to add it to their calendar: ██████████ Once they add it to calendar, a PUT request is sent: PUT...
Russian threat actor UAC-0056 targets European countries
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Governmental Computer Emergency Response Team of Ukraine CERT-UA has released an alert about a Russian threat actor UAC-0056 SaintBear, UNC2589, TA471 delivering malwares using email attachments. UNC2589 is a cyber...
showdoc 跨站脚本漏洞
showdoc is open source a great tool for IT teams to share documents online. A security vulnerability exists in showdoc before 2.10.2. The vulnerability allowed .xml to store cross-site scripting attack payloads via uploaded attachments in the format found in the document library...
CVE-2021-44673
A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script...
Remote code execution
A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script...
Croogo 代码问题漏洞
Croogo is a content management system CMS based on the CakePHP framework development . The system provides content type can be customized as Blog, Node, Page, content editing using WYSIWYG editor and other features. A security vulnerability exists in Croogo 3.0.2, which can be exploited to allow...
[SECURITY] Fedora 35 Update: containerd-1.6.0~rc.2-2.fc35
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
[SECURITY] Fedora 34 Update: containerd-1.6.0~rc.2-3.fc34
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
Ivanti Service Manager 跨站脚本漏洞
Ivanti Service Manager is a service manager from Ivanti USA, Inc. that helps organizations meet today's regulatory and technical demands for service delivery automation workflows. A cross-site scripting vulnerability exists in Ivanti Service Manager 2021.1 that allows reflection of cross-site...
CVE-2022-29454
Cross-Site Request Forgery CSRF vulnerability in WordPlus Better Messages plugin = 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated...
PartKeepr server-side request forgery vulnerability
PartKeepr is an inventory management software designed primarily for electronic components.PartKeepr suffers from a server-side request forgery vulnerability, which stems from the fact that the ability to upload attachments using a URL when creating a part does not validate whether a request can ...