10 matches found
EUVD-2003-0920
Malware in sbrugna...
Flowise has arbitrary file access due to missing chat flow id validation
Summary: Missing chat flow id validation allows an attacker to access arbitrary files. Details: Commit https://github.com/FlowiseAI/Flowise/commit/8bd3de41533de78e4ef6c980e5704a1f9cb7ae6f and https://github.com/FlowiseAI/Flowise/commit/c2b830f279e454e8b758da441016b2234f220ac7 added check for filenam...
Write access to the catalog for any user when restricted-admin role is enabled in Rancher
Impact: This vulnerability only affects customers using the restricted-admin role in Rancher. For this role to be active, Rancher must be bootstrapped with the environment variable CATTLE_RESTRICTED_DEFAULT_ADMIN=true or the configuration flag restrictedAdmin=true. A flaw was discovered in Rancher...
Totvs TOTVS Fluig path traversal vulnerability
Totvs TOTVS Fluig is an application from the Portuguese company Totvs. It is used to automate ERP tasks. A path traversal vulnerability exists in TOTVS Fluig Luke 1.7.0 that allows directory traversal via base64 encoded files...
CVE-2020-6361
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...
AIL Framework - Framework for Analysis of Information Leaks
AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams. AIL framework is flexible and can be extended to support other functionalities to mine or process sensitive information e.g...
CVE-2011-3952
The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size...
QuickTime < 7.7.1 Multiple Vulnerabilities (Windows)
The version of QuickTime installed on the remote Windows host is older than 7.7.1 and may be affected by the following vulnerabilities: - A cross-site scripting issue exists in HTML files generated by the 'Save for Web' export feature. CVE-2011-3218 - A buffer overflow error exists in the handli...
CVE-2003-0930
Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex HQX encoded files, which allows remote attackers to bypass intended policy...
CVE-2003-0928
CVE-2003-0928 concerns Clearswift MAILsweeper prior to 4.3.15. The issue is that the product does not properly detect and filter RAR 3.20 encoded files, allowing remote attackers to bypass the product’s policy enforcement. The core impact is the circumvention of policy controls, enabling content ...