611 matches found

CVE
added 2024/12/03 5:12 p.m. | 68 views

CVE-2024-25020

CVE-2024-25020 affects IBM Cognos Controller 11.0.0 and 11.0.1, where uploading attachments on the Journal entry page allows unrestricted filetypes, enabling attackers to upload malicious executables that could be used against victims. The issue is documented across multiple sources linked to the...

CVSS 9.8 | AI score 5.4 | EPSS 0.00099
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/12/03 4:41 p.m. | 13 views

CVE-2024-40691 IBM Cognos Controller file upload

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

CVSS 8 | AI score 6.8 | EPSS 0.00167
Exploits: 0 | References: 1

Cvelist
added 2024/12/03 4:41 p.m. | 15 views

CVE-2024-40691 IBM Cognos Controller file upload

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

CVSS 8 | EPSS 0.00167
Exploits: 0 | References: 1

CVE
added 2024/12/03 4:41 p.m. | 63 views

CVE-2024-40691

CVE-2024-40691 affects IBM Cognos Controller 11.0.0–11.0.1. The issue is a file-upload vulnerability where the web interface does not validate uploaded content, enabling attackers to upload malicious executable files that could be sent to victims for further attacks. The IBM security bulletin rec...

CVSS 9.8 | AI score 7.9 | EPSS 0.00167
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/12/03 4:29 p.m. | 13 views

CVE-2024-25019 IBM Cognos Controller file upload

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing...

CVSS 5.5 | AI score 6.7 | EPSS 0.00099
Exploits: 0 | References: 1

Veracode
added 2024/11/19 4:43 a.m. | 6 views

Arbitrary File Upload

agnai is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files, allowing attackers to place files in attacker-controlled locations on the server, including executable JavaScript files...

CVSS 8.8 | AI score 6.6 | EPSS 0.01148
Exploits: 0 | References: 5 | Affected Software: 1

GithubExploit
added 2024/11/11 2:25 p.m. | 233 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

Description Name : CVE-2023-38831 CVSS Score : 7.8...

CVSS 7.8 | AI score 6.6 | EPSS 0.93878
Exploits: 49

Patchstack
added 2024/11/05 9:45 p.m. | 1 views

WordPress mFolio Lite plugin <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files vulnerability

Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files vulnerability discovered by Francesco Carlucci in WordPress Plugin mFolio Lite versions <= 1.2.1...

CVSS 9.9 | AI score 7 | EPSS 0.07965
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2024/11/05 12:53 p.m. | 14 views

Remote Code Execution (RCE)

pyloadng is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient restrictions on the /.pyload/scripts folder, allowing executable files to run automatically when certain actions, like completing a download, are triggered. Attackers can exploit this by downloading an...

CVSS 9.1 | AI score 7.3 | EPSS 0.01807
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2024/10/23 6:15 p.m. | 8 views

CVE-2024-20370

A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need...

CVSS 6 | EPSS 0.00019
Exploits: 0 | References: 1

Cisco
added 2024/10/23 4:0 p.m. | 9 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software FXOS CLI Root Privilege Escalation Vulnerability

A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need...

CVSS 6 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 1

OSV
added 2024/10/10 11:15 p.m. | 8 views

PYSEC-2024-220

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

CVSS 5.4 | AI score 5.4 | EPSS 0.0025
Exploits: 0 | References: 1

OSV
added 2024/09/17 12:31 a.m. | 10 views

GHSA-QQV8-PH7F-H3F7 OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the "Docker" strategy, executable files inside the privileged build containe...

CVSS 9.1 | AI score 9.5 | EPSS 0.00792
Exploits: 3 | References: 13

Vulnrichment
added 2024/09/16 11:58 p.m. | 15 views

CVE-2024-7387 Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build containe...

CVSS 9.1 | AI score 8.1 | EPSS 0.00792
Exploits: 3 | References: 10

NVD
added 2024/09/11 2:15 p.m. | 25 views

CVE-2024-27115

An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution...

CVSS 10 | EPSS 0.81794
Exploits: 0 | References: 1

CVE
added 2024/09/11 1:41 p.m. | 85 views

CVE-2024-27115

CVE-2024-27115 corresponds to an authenticated RCE in SOPlanning via PHP file upload. The nuclei template specifies exploitation of SOPlanning 1.52.01 through authenticated file upload, enabling an attacker to upload and execute PHP code. Remediation is to upgrade to a version newer than 1.52.01,...

CVSS 10 | AI score 9.9 | EPSS 0.81794
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/08/31 9:15 a.m. | 1 views

DEBIAN-CVE-2024-0110

NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service...

CVSS 7.8 | AI score 7.8 | EPSS 0.00217
Exploits: 0 | References: 1

NVD
added 2024/08/07 2:15 p.m. | 15 views

CVE-2024-43199

Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user...

CVSS 8.8 | EPSS 0.00353
Exploits: 0 | References: 4

Vulnrichment
added 2024/08/07 12:0 a.m. | 13 views

CVE-2024-43199

Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user...

AI score 7.2 | EPSS 0.00353
Exploits: 0 | References: 3

CVE
added 2024/08/07 12:0 a.m. | 32 views

CVE-2024-43199

Nagios NDOUtils prior to 2.1.4 is affected by CVE-2024-43199 due to executable files owned by the nagios user, enabling local privilege escalation from nagios to root. Affected software: Nagios NDOUtils (versions before 2.1.4). Root cause: ownership of certain executables by the nagios user allow...

CVSS 8.8 | AI score 6.9 | EPSS 0.00353
Exploits: 0 | References: 4 | Affected Software: 1