3 matches found
EUVD-2026-36265
tmp: Type-confusion bypass of assertPath allows path traversal via non-string prefix/postfix/template...
libreoffice: Arbitrary file write
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker...
CVE-2002-0010
Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via 1 the sql parameter in buglist.cgi, 2 invalid field names from the "boolean chart" query in buglist.cgi, 3 the mybugslink parameter in userprefs.cgi, 4 a malformed bug ID in the...