CVE-2025-34076
An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...
CVE-2024-45313
Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...
CVE-2023-47619
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of...
[SECURITY] [DLA 3995-1] libpgjava security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3995-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk December 16, 2024 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 3939-1] python-git security update
Debian LTS Advisory DLA-3939-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert October 29, 2024 https://wiki.debian.org/LTS Package : python-git Version : 3.1.14-1+deb11u1 CVE ID : CVE-2022-24439 CVE-2023-40267 CVE-2023-41040 Debian Bug : 1027163 1043503 GitPython...
CVE-2024-45313 Insecure default setting for Server Pro installed via Overleaf toolkit
Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...
OPENSUSE-SU-2020:2051-1 Security update for perl-DBI
This update for perl-DBI fixes the following issues: - DBD::File drivers could open files from folders other than those specifically passed via the fdir attribute in the data source name DSN. bsc1176492, CVE-2014-10401, CVE-2014-10402 This update was imported from the SUSE:SLE-15:Update update...
xcart343.txt
X-Cart (http://www.x-cart.com) is a widely distributed PHP e-commerce solution. We have discovered some security related bugs in X-Cart Version 3.4.3. It is possible that other versions are vulnerable too. Any visitor can view any file on the web server. This URL may be used as proof of concept:...
FUDforum file access and SQL Injection
FUDforum file access and SQL Injection PROGRAM: FUDforum VENDOR: Advanced Internet Designs Inc. [email protected] HOMEPAGE: http://fud.prohost.org/ VULNERABLE VERSIONS: 2.0.2, possibly others IMMUNE VERSIONS: 2.2.0 and above LOGIN REQUIRED: no some issues, admin some issues SEVERITY: medium...
QSSL Voyager 2.0 1B - Arbitrary File Access
QSSL Voyager 2.0 1B - Arbitrary File Access source: https://www.securityfocus.com/bid/1648/info The web server supplied with the QNX Voyager demo disk contains several vulnerabilities. First, Voyager will follow relative paths passed to it in requests. This includes ../ style paths, which will...
Oracle 8 - File Access
source: https://www.securityfocus.com/bid/170/info A number of file access security vulnerabilities in suid programs that are part of Oracle may be exploited to obtain the privileges of the 'oracle' user and full access to the database system. Only the Unix version of Oracle is vulnerabl...