23 matches found
EUVD-2019-18571
Malware in sbrugna...
EUVD-2014-2564
Malware in sbrugna...
EUVD-2022-2393
Malicious code in bioql PyPI...
CVE-2025-53927 MaxKB sandbox bypass
MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the shutil.copy2 method in Python to copy the command they...
CVE-2025-53927
MaxKB before 2.0.0 has a sandbox bypass where the security design restricts only a specific directory’s execution permissions. An attacker can abuse Python’s shutil.copy2 to copy a command into the executable directory, bypassing the directory restrictions and enabling a reverse shell. Affected p...
PT-2025-27262 · Marvell · Marvell Qconvergeconsole
Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole affected versions not specified Description: The issue is related to a directory traversal remote code execution vulnerability in the saveAsText function. This allows for potential remote code execution...
CVE-2025-6445
CVE-2025-6445 affects ServiceStack via the FindType method, where lack of validation of a user-supplied path in file operations enables remote code execution in the context of the current process. Documented by multiple connected sources (e.g., ZDI advisory ZDI-25-416; Red Hat CVE entry) with att...
CVE-2025-6218 RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...
CVE-2025-45890
Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter...
CVE-2022-28052
Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution...
CVE-2021-29417
gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal...
CVE-2012-6652
Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress wppageflip allows remote attackers to include and execute arbitrary local files via a .. dot dot in the pageflipbooklanguage parameter...
CVE-2025-2449
NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of NI FlexLogger. User interaction is required to exploit this vulnerability in that the target must visit ...
CVE-2021-29417
gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal...
SUSE-SU-2019:0286-1 Security update for docker
This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues: Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: - CVE-2018-16873: cmd/go: remote command execution during 'go get -u' bsc1118897 -...
CVE-2017-7444
In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed...
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 Help File Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/261/info Lax permission in the Windows NT help file folder and a buffer overflow in the Help utility may allow malicious users to gain Administrator privileges. The Windows NT Help utility parses and displays help...
jDisk (stickto) v2.0.3 iOS - Multiple Web Vulnerabilities
Document Title: =============== jDisk stickto v2.0.3 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1196 Release Date: ============= 2014-02-11 Vulnerability Laboratory ID VL-ID: ==================================== 11...
Webshell under to crack computer administrator password-vulnerability warning-the black bar safety net
Method of use: 1, The your password dictionary was renamed into the psw. txt, upload to the target server is an executable, writable directory. It is assumed that this directory is: c:\windows\temp\ 2, The program upload to the c:\windows\temp, and then run it. 3, and then is wait a few...
CVE-2008-4769
Directory traversal vulnerability in the getcategorytemplate function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from thi...