
19 matches found

NVD
added 2026/05/02 5:16 a.m. | 0 views

CVE-2026-7603

A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...

CVSS 6.5 | EPSS 0.00018
Exploits: 0 | References: 6

Cvelist
added 2026/05/02 4:15 a.m. | 26 views

CVE-2026-7603 JeecgBoot LoadFile Endpoint FileDownloadUtils.jav checkPathTraversalBatch server-side request forgery

A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...

CVSS 6.5 | EPSS 0.00018
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-22146

Malware in sbrugna...

CVSS 7.2 | AI score 7 | EPSS 0.032
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-22145

Malware in sbrugna...

CVSS 7.2 | AI score 7 | EPSS 0.09455
Exploits: 1 | References: 3

RedhatCVE
added 2025/05/22 7:54 p.m. | 5 views

CVE-2021-35505

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...

CVSS 7.2 | AI score 7.7 | EPSS 0.032
Exploits: 1 | References: 1

Amazon
added 2021/11/18 12:0 a.m. | 2 views

Medium: docker

Issue Overview: A flaw was found in moby. Moby buildkit calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. CVE-2020-27534 Affected Packages: docker Note: This advisory is applicable to Amazon Linux 2 -...

CVSS 5.3 | AI score 6.8 | EPSS 0.0077
Exploits: 0

OSV
added 2021/10/05 12:15 p.m. | 0 views

CVE-2021-35505

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...

CVSS 7.2 | AI score 7.2
Exploits: 0 | References: 2

NVD
added 2021/10/05 12:15 p.m. | 12 views

CVE-2021-35504

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...

CVSS 7.2 | EPSS 0.09455
Exploits: 1 | References: 2

Prion
added 2021/10/05 12:15 p.m. | 11 views

Remote code execution

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...

CVSS 6.5 | AI score 7.3 | EPSS 0.032
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2021/10/05 12:0 p.m. | 48 views

CVE-2021-35505

CVE-2021-35505 affects Afian FileRun 2021.03.26. The vulnerability enables Remote Code Execution by administrators via the Check Path value for the magick binary. The description identifies a path/command handling issue in the magick binary check, leading to code execution with the attacker’s cho...

CVSS 7.2 | AI score 7.3 | EPSS 0.032
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2021/10/05 12:0 p.m. | 14 views

CVE-2021-35505

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...

AI score 7.6 | EPSS 0.032
Exploits: 1 | References: 2

Cvelist
added 2021/10/05 11:59 a.m. | 14 views

CVE-2021-35504

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...

AI score 7.6 | EPSS 0.09455
Exploits: 1 | References: 2

CNNVD
added 2021/10/05 12:0 a.m. | 2 views

Afian FileRun Injection Vulnerability

Afian FileRun is a full-featured web-based file manager. A security vulnerability exists in Afian FileRun 2021.03.26 that allows remote code execution via the Check Path value of ffmpeg binaries...

CVSS 7.2 | AI score 7.8 | EPSS 0.09455
Exploits: 1 | References: 3

CNVD
added 2020/09/27 12:0 a.m. | 2 views

Observium Cross-Site Scripting Vulnerability (CNVD-2020-54792)

Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a cross-site scripting vulnerability. An attacker can inject and store malicious JavaScript code via...

CVSS 6.1 | AI score 6.5 | EPSS 0.0024
Exploits: 1 | References: 1

CNVD
added 2020/09/27 12:0 a.m. | 1 views

Observium Cross-Site Scripting Vulnerability (CNVD-2020-54791)

Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to inject and store malicious JavaScript code via...

CVSS 6.1 | AI score 6.5 | EPSS 0.0024
Exploits: 1 | References: 1

Amazon
added 2018/12/06 12:0 a.m. | 111 views

Medium: zsh

Issue Overview: A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the...

CVSS 9.8 | AI score 8.2 | EPSS 0.00671
Exploits: 0

RedHat Linux
added 2018/06/19 5:19 a.m. | 2 views

zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution

A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom "you have new mail" message, leads to code execution in the context of the user who receives the message. If the user...

CVSS 7.8 | AI score 6.3 | EPSS 0.00068
Exploits: 0 | References: 4

RedHat Linux
added 2009/11/09 3:37 p.m. | 1 views

tomcat6 Information disclosure in authentication classes

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the 1...

CVSS 4.3 | AI score 6.1 | EPSS 0.88173
Exploits: 4 | References: 4

RedHat Linux
added 2009/09/21 3:51 p.m. | 3 views

tomcat6 Information disclosure in authentication classes

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the 1...

CVSS 4.3 | AI score 6.1 | EPSS 0.88173
Exploits: 4 | References: 4