22 matches found
EUVD-2024-45986
Malicious code in bioql PyPI...
EUVD-2024-45987
Malicious code in bioql PyPI...
EUVD-2024-45988
Malicious code in bioql PyPI...
CVE-2024-52056
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML definition file...
CVE-2024-52054
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system...
CVE-2024-52054
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system...
CVE-2024-52055
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file...
CVE-2024-52055
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file...
CVE-2024-52056 Application Delete Path Traversal in Wowza Streaming Engine
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML definition file...
CVE-2024-52055 Application Copy Path Traversal in Wowza Streaming Engine
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file...
CVE-2024-52054 Application Creation Path Traversal in Wowza Streaming Engine
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system...
PT-2024-8653 · Wowza · Wowza Streaming Engine
Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.9.1 Description: The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to read any file on the fil...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
CVE-2023-36486
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
IBM MQ Input Validation Error Vulnerability
IBM MQ (IBM WebSphere MQ) is a messaging middleware product from International Business Machines (IBM). The product focuses on providing a reliable, validated messaging backbone for service-oriented architectures (SOA). An input validation error vulnerability exists in IBM MQ for HPE NonStop version...
OpenAPI Missing MIME Types
OpenAPI specification is an API description format for REST APIs. An OpenAPI file is written in YAML or JSON and describes all the API properties like the available endpoints with the related operations or the authentication methods. The consumes field defines the expected data types for POST, PU...
XXE
FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2.9.0 contained an XML external entity (XXE) vulnerability that allowed an attacker who had control over the source/sink definition file in XML format to read files from external locations. In order for this to occur, the XML-based...
CVE-2021-32754 Improper Restriction of XML External Entity Reference in de.tud.sse
FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2.9.0 contained an XML external entity (XXE) vulnerability that allowed an attacker who had control over the source/sink definition file in XML format to read files from external locations. In order for this to occur, the XML-based...
Symantec IM Manager Administrative Interface LoggedInUsers.lgx Definition File SQL Injection Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx and rdPage.aspx pages which is exposed through an IIS...