
840 matches found

Github Security Blog
added 2021/05/10 6:38 p.m. | 43 views

Duplicate Advisory: "Arbitrary code execution in socket.io-file"

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6495-8jvh-f28x. This link is maintained to preserve external references. Original Description: "The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows...

CVSS 7.8 | AI score 7.9 | EPSS 0.00654
Exploits: 0 | References: 6 | Affected Software: 1
Prion
added 2021/04/27 1:15 p.m. | 12 views

Privilege escalation

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone' and 'Authenticated...

CVSS 6.5 | AI score 8.6 | EPSS 0.02421
Exploits: 2 | References: 3 | Affected Software: 3
Cvelist
added 2021/03/24 8:6 p.m. | 15 views

CVE-2021-1441 Cisco IOS XE Software Hardware Initialization Routines Arbitrary Code Execution Vulnerability

A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is...

CVSS 6.7 | AI score 6.7 | EPSS 0.00074
Exploits: 0 | References: 1
CNNVD
added 2021/03/21 12:0 a.m. | 1 views

Chriswalz bit Code Issue Vulnerability

Chriswalz bit is an open source application by Chriswalz that provides an experimental, git-based modernization of the git CLI. Versions of ChrisWalz bit before 1.0.5 have a code issue vulnerability, which an attacker can exploit through a carefully crafted repository in the .exe fil...

CVSS 7.8 | AI score 7.7 | EPSS 0.00237
Exploits: 0 | References: 3
NVD
added 2021/03/04 9:15 p.m. | 7 views

CVE-2021-26293

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...

CVSS 9.8 | EPSS 0.507
Exploits: 2 | References: 1
Prion
added 2021/03/04 9:15 p.m. | 7 views

Directory traversal

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...

CVSS 6.8 | AI score 9.3 | EPSS 0.507
Exploits: 2 | References: 1 | Affected Software: 2
Prion
added 2021/01/21 2:15 p.m. | 8 views

Remote code execution

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an...

CVSS 6.5 | AI score 7.2 | EPSS 0.01874
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2021/01/21 1:30 p.m. | 12 views

CVE-2020-26285 Widget instances allows a hacker to inject an executable file on the server on OpenMage

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an...

CVSS 8.7 | AI score 8.9 | EPSS 0.01874
Exploits: 0 | References: 3
NVD
added 2021/01/20 10:15 p.m. | 11 views

CVE-2020-26252

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data is able to store an executable file on the server...

CVSS 8.7 | AI score 8.9 | EPSS 0.01664
Exploits: 0 | References: 2
OSV
added 2021/01/20 10:15 p.m. | 12 views

CVE-2020-26252

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data is able to store an executable file on the server...

CVSS 7.2 | AI score 7.5
Exploits: 0 | References: 2
Prion
added 2021/01/20 10:15 p.m. | 11 views

Remote code execution

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data is able to store an executable file on the server...

CVSS 6.5 | AI score 7.2 | EPSS 0.01664
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2021/01/07 2:15 p.m. | 12 views

CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...

CVSS 8.8 | AI score 8.1 | EPSS 0.00475
Exploits: 0 | References: 4
Prion
added 2021/01/07 2:15 p.m. | 20 views

Design/Logic Flaw

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...

CVSS 6.8 | AI score 8 | EPSS 0.00475
Exploits: 0 | References: 4 | Affected Software: 3
AlpineLinux
added 2021/01/07 1:50 p.m. | 53 views

CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...

CVSS 8.8 | AI score 8.2 | EPSS 0.00475
Exploits: 0
CNVD
added 2020/12/29 12:0 a.m. | 1 views

DLL Hijacking Vulnerability in Cyberdocument Windows Client

Xunfei Document is online document software, produced by KDDI, that supports simultaneous editing by multiple people on multiple devices. The Xunfei Document Windows client has a DLL hijacking vulnerability, which an attacker can use to inject an executable DLL file into the client process, to...

AI score 7.2
Exploits: 0
CNVD
added 2020/12/23 12:0 a.m. | 3 views

Command Execution Vulnerability in Huaan Securities Options Bowl

Huaan Securities Options Bao, the Qianlong version of the individual stock options online trading client, is a professional terminal that combines individual stock options quotes, strategies and trading. Huaan Securities Options Treasure suffers from a command execution vulnerability, which c...

AI score 7.8
Exploits: 0
CNVD
added 2020/12/23 12:0 a.m. | 3 views

Command Execution Vulnerability in Xiaozhi Desktop

Smart Desktop is a desktop organizer that improves office efficiency. Xiaozhi Desktop suffers from a command execution vulnerability, which can be exploited by an attacker to inject an executable DLL file into a client process to perform arbitrary functions...

AI score 7.3
Exploits: 0
CNVD
added 2020/12/23 12:0 a.m. | 2 views

Command Execution Vulnerability in SourceWise Editor Client Software

SourceWise Editor is a brand new hardware programming client that is the latest addition to Programming Cat. A command execution vulnerability exists in the Source Code Wise Editor client software, which can be exploited by an attacker to inject an executable DLL file into the client process to...

AI score 8
Exploits: 0
CNVD
added 2020/12/23 12:0 a.m. | 1 views

Command Execution Vulnerability in Kingdee Wisdom Store Edition Client Software

Developed by YouShang.com, an e-commerce service website under Kingdee International Software Group (HK Code: 268), WisdomJournal is China's first free management software tailored for individual merchants to manage their sales and inventories, with the core value of "accurate quotes and clear...

AI score 7.8
Exploits: 0
OSV
added 2020/11/18 4:15 p.m. | 1 views

CVE-2020-25406

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload executable files...

CVSS 7.3 | AI score 5.8
Exploits: 0 | References: 1