11 matches found
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
CVE-2023-4904
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Chromium security severity: Medium...
CVE-2023-4904
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Chromium security severity: Medium...
Design/Logic Flaw
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Chromium security severity: Medium...
CVE-2023-4904
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Chromium security severity: Medium...
CVE-2023-4904
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Chromium security severity: Medium...
CVE-2023-4904
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Chromium security severity: Medium...
PT-2023-5487 · Google +2 · Google Chrome +2
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 117.0.5938.62 Description: The issue is related to insufficient policy enforcement in the Downloads component of Google Chrome, allowing a remote attacker to bypass Enterprise policy restrictions. This can be...
Cross site scripting
An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting XSS vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the...
The vulnerability of the software for automating the deployment of IBM UrbanCode Deploy (UCD) applications, related to lack of access control, allows a perpetrator to execute arbitrary code.
The vulnerability of the software for automating the deployment of IBM UrbanCode Deploy UCD applications is related to lack of access control. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code on machines equipped with the UCD agent where client...