SUSE CVE-2021-46931

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Wrap the tx reporter dump callback to extract the sq Function mlx5etxreporterdumpsq casts its void argument to struct mlx5etxqsq , but in TX-timeout-recovery flow the argument is actually of type struct mlx5etxtimeoutc...

tcpslice: use-after-free in extract_slice()

A heap use-after-free flaw was found in tcpslices' extractslice. This flaw allows an attacker with local network access to pass a specially crafted 'pcap' file to tcpslice, causing segmentation fault. This vulnerability halts or crashes the application, leading to a denial of service...

facileManager SQL Injection Vulnerability

facileManager is a suite of modular Web applications from facileManager, Inc. facileManager suffers from an SQL injection vulnerability that originates from an unsafe call to the extract function in admin-logs.php. An attacker can use this vulnerability to view, add, modify, or delete information...

Sql injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

facileManager SQL注入漏洞

facileManager is a suite of modular Web applications from facileManager, Inc. facileManager suffers from an SQL injection vulnerability that originates from an unsafe call to the extract function in admin-logs.php. An attacker can use this vulnerability to view, add, modify, or delete information...

tcpslice: use-after-free in extract_slice()

A heap use-after-free flaw was found in tcpslices' extractslice. This flaw allows an attacker with local network access to pass a specially crafted 'pcap' file to tcpslice, causing segmentation fault. This vulnerability halts or crashes the application, leading to a denial of service...

python: tarfile module directory traversal

A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2023-2663)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote...

CVE-2023-52262

outdoorbits little-backup-box aka Little Backup Box before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input...

CVE-2023-52262

outdoorbits little-backup-box aka Little Backup Box before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input...

Input validation

outdoorbits little-backup-box aka Little Backup Box before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input...

PT-2023-8937 · Outdoorbits · Little-Backup-Box

Name of the Vulnerable Software and Affected Versions: outdoorbits little-backup-box versions prior to f39f91c Description: The issue allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input. This is due to insufficient validation of input dat...

CVE-2023-52262

Outdoorbits Little-backup-box; vulnerable in versions prior to f39f91c due to untrusted input being fed to PHP extract, enabling remote code execution. A fix exists in the commit f39f91c; advised remediation is to update to a version after f39f91c (or temporarily disable PHP extract for untrusted...

CVE-2023-52262

outdoorbits little-backup-box aka Little Backup Box before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input...

Little Backup Box Security Vulnerability

Little Backup Box is a pocket-sized backup solution from the individual developers at outdoorbits that turns a single board computer into a multifunctional one. Little Backup Box suffers from a security vulnerability that stems from the presence of untrusted inputs to the PHP extract function,...

tracker-miners: sandbox escape

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...

tracker-miners: sandbox escape

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...