19 matches found
CVE-2026-43891
changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...
CVE-2026-22676
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place...
CVE-2026-27947
CVE-2026-27947 affects Group-Office and enables authenticated Remote Code Execution through the TNEF attachment processing flow. In affected versions (prior to 26.0.9, 25.0.87, and 6.8.154), processing winmail.dat extracts attacker-controlled files and then calls zip with a shell wildcard. Due to...
CVE-2026-27947
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from winmail.d...
Incorrect Behavior Order: Validate Before Canonicalize
Overview: Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended execution of files by crafting URLs with specific Unicode characters that manipulate the path splitting logic, potentiall...
Siemens Ruggedcom ROX Static Code Injection (CVE-2024-32487)
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the...
CVE-2025-64182
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter the deprecated...
EUVD-2020-8093
Malware in sbrugna...
RSA Authentication Manager Security Vulnerability
RSA Authentication Manager is a secure access and authentication platform from RSA Corporation. A security vulnerability exists in RSA Authentication Manager versions prior to 8.7 SP2 Patch 1, which stems from an XML external entity attack that can be performed via a license file, resulting in an...
PT-2025-6627 · Rsa · Emc Rsa Authentication Manager
Name of the Vulnerable Software and Affected Versions: RSA Authentication Manager versions prior to 8.7 SP2 Patch 1. Description: The issue allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cann...
CVE-2024-6707
Attacker-controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability...
CVE-2024-6707
Open WebUI suffers a path traversal and arbitrarily uploaded file vulnerability in version 0.1.105. The flaw arises when uploading files through the HTTP interface (via the + sign in the message input) to a static UPLOAD_DIR; the filename is taken from the request without validation, enabling tra...
CVE-2024-6707 Open WebUI Arbitrary File Upload + Path Traversal
Attacker-controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability...
CVE-2024-32487
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the...
CVE-2020-15657
Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This...
Ganglia Web Frontend < 3.5.1 - PHP Code Execution
Assuming that ganglia is installed on the target machine at this path: /var/www/html/ganglia/. 2. Assuming the attacker has minimal access to the target machine and can write to "/tmp". There are several methods where a remote attacker can also trigger daemons or other system processes to create...
DSA-2633-1 fusionforge - privilege escalation
Bulletin has no description...
Debian DSA-681-1 : synaesthesia - privilege escalation
Erik Sjolund and Devin Carraway discovered that synaesthesia, a program for representing sounds visually, accesses user-controlled configuration and mixer files with elevated privileges. Thus, it is possible to read arbitrary files. The...
zhcon -- unauthorized file access
Martin Joey Schulze reports: Erik Sjölund discovered that zhcon, a fast console CJK system using the Linux framebuffer, accesses a user-controlled configuration file with elevated privileges. Thus, it is possible to read arbitrary files. When installed from the FreeBSD Ports Collection, zhcon is...