7 matches found
CVE-2026-31710
A flaw was found in the Linux kernel's Server Message Block SMB client. When mounting SMB1 UNIX shares, the system may incorrectly handle directory separators. This issue arises because flags related to POSIX Access Control Lists ACLs and paths are not properly updated, leading to the use of an...
CVE-2026-31710
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps, otherwise it might end up with missing...
CVE-2026-31710
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps, otherwise it might end up with missing...
IPX Allows Path Traversal via Prefix Matching Bypass
Summary The approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. PoC - setup mkdir /public123 move a png file...
Fedora 30 : php-twig2 (2019-c7c03cd449)
Version 2.7.2 2019-03-12 - added TemplateWrapper::getTemplateName ---- Version 2.7.1 2019-03-12 - fixed class aliases ---- Version 2.7.0 2019-03-12 - fixed sandbox security issue under some circumstances, calling the toString method on an object was possible even if not allowed by the security...
CVE-2018-9851
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...
WordPress InBoundio Marketing Plugin 1.0 /admin/partials/csv_uploader.php 文件上传漏洞
/admin/partials/csvuploader.php?php $ds = DIRECTORYSEPARATOR; //1 $storeFolder = 'uploadedcsv'; //2 if !empty$FILES $FILES'file''name' = pregreplace'/^A-Za-z0-9 .-/', '', $FILES'file''name'; $FILES'file''name' = pregreplace'/\s+/', '', $FILES'file''name'; $tempFile = $FILES'file''tmpname'; //3...