CVE-2024-1561 Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio

An issue was discovered in gradio-app/gradio, where the /componentserver endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the moveresourcetoblockcache method of the Block class, an attacker can copy any fi...

Umeng Push SDK Export Service Component Code Execution Vulnerability

Umeng Push SDK is a set of software development kits for developing message push programs from China AUO Umeng. Export Service component is one of the export components. A security vulnerability exists in the Export Service component in Umeng Push SDK version 3.1.X prior to 3.1.3. An attacker can...

Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7119/info Ximian Evolution does not properly validate MIME image/ Content-Type fields. If an email message contains an image/ Content-Type, any type of data can be embedded where the image information is expected. This ca...