116 matches found
ROS-20250710-07
YAML LibYAML analysis and creation library vulnerability is related to insufficient validation of user data in the LoadFile method. user data in the LoadFile method. Exploitation of the vulnerability could allow an attacker, acting remotely, to overwrite arbitrary files on the system...
CVE-2025-5879
A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate t...
PT-2025-24323 · Unknown · Code-Projects Laundry System
Name of the Vulnerable Software and Affected Versions: code-projects Laundry System version 1.0 Description: A vulnerability has been found in the code-projects Laundry System, classified as problematic. This issue affects unknown code of the file /data/edit type.php. The manipulation of the Type...
CVE-2025-5651
CVE-2025-5651 affects code-projects Traffic Offense Reporting System 1.0. The vulnerability is caused by cross-site scripting in saveuser.php due to improper handling of input parameters (user_id/username/email/name/position), enabling injection of arbitrary scripts. Reports across multiple sourc...
CVE-2024-7309
A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. This affects an unknown part of the file entry.php. The manipulation of the argument school leads to cross site scripting. It is possible to initiate the attack remotely. The exploit h...
CVE-2024-1268
A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file updateproduct.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2025-3326 iteaj iboot 物联网网关 File Upload upload cross site scripting
A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack can be initiated remotely. The...
CVE-2025-2211 aitangbao springboot-manager add cross site scripting
A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sysDictDetail/add. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit h...
CVE-2025-2195
A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument name/path leads to cross site scripting. It is possib...
CVE-2025-24965 .krun_config.json symlink attack creates or overwrites file on the host in crun
crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current...
CVE-2025-1157
A vulnerability was found in Allims lab.online up to 20250201 and classified as critical. This issue affects some unknown processing of the file /model/modelrecuperarsenha.php. The manipulation of the argument recuperacao leads to sql injection. The attack may be initiated remotely. The exploit h...
CVE-2023-1607 novel-plus list sql injection
A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
PT-2020-13571 · Pixar · Pixar Openusd
Name of the Vulnerable Software and Affected Versions: Pixar OpenUSD version 20.05 Description: A heap overflow issue exists when the software parses compressed sections in binary USD files. This occurs due to the way path jumps are processed in specially crafted USDC file formats, leading to a...
OPENSUSE-SU-2020:0744-1 Security update for trousers
This update for trousers fixes the following issues: - CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gain ownership of arbitrary files in the system during installation/update of the trousers package bsc1157651. This update was imported from the...
CVE-2015-7758
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...
CVE-2014-0027
The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...
CVE-2013-3368
bin/rt in Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name...
File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities
Document Title: =============== File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=939 Release Date: ============= 2013-05-04 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2012-4417
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...
CVE-2012-1174
The rmrfchildren function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."...