7 matches found
EUVD-2004-1401
Malware in sbrugna...
EUVD-2021-17077
Malware in sbrugna...
CVE-2023-35169
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
Description This advisory follows the security advisory GHSA-79w7-vh3h-8g4j published by the yt-dlp/yt-dlp project to aid remediation of the issue in the ytdl-org/youtube-dl project. Vulnerability youtube-dl does not limit the extensions of downloaded files, which could lead to arbitrary filename...
CVE-2023-35844
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used...
PT-2023-33898 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.15 Description: The issue is related to extending a file within the last block. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v6.0.1...
CVE-2004-1405
MediaWiki 1.3.8 and earlier, when used with Apache modmime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code...