
151 matches found

Positive Technologies
added 2021/05/24 12:0 a.m. · 2 views

PT-2021-10553 · Metinfo · Metinfo

Name of the Vulnerable Software and Affected Versions: MetInfo version 7.0 beta Description: The issue allows attackers to delete and modify ini files in specific locations, including app/system/language/admin/language general.class.php and app/system/include/function/file.func.php...

CVSS 9.1 · AI score 9.2 · EPSS 0.00883
Exploits: 1 · References: 6

CNNVD
added 2021/05/24 12:0 a.m. · 4 views

MetInfo Path Traversal Vulnerability

MetInfo is a CMS site-building system on a PHP+MySQL architecture; it is very SEO-friendly, fully functional, supports multiple languages and responsive display, and is well suited to building enterprise and company websites. A file modification vulnerability exists in MetInfo 7.0 beta. An...

CVSS 9.1 · AI score 5.6 · EPSS 0.00883
Exploits: 1 · References: 4

Positive Technologies
added 2021/04/30 12:0 a.m. · 1 views

PT-2021-3121

Name of the Vulnerable Software and Affected Versions djvulibre versions 3.5.28 and earlier Description A flaw was found in the function DJVU::DjVuDocument::get djvu file that can cause a stack overflow via a crafted djvu file, potentially leading to an application crash and other consequences. T...

CVSS 10 · AI score 7.1 · EPSS 0.04581
Exploits: 7 · References: 114

CNNVD
added 2021/04/05 12:0 a.m. · 2 views

WordPress Security Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the Theme...

CVSS 4.9 · AI score 5.6 · EPSS 0.00576
Exploits: 1 · References: 2

OSV
added 2021/01/26 6:16 p.m. · 3 views

CVE-2021-25864

node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...

CVSS 7.5 · AI score 7.2 · EPSS 0.56956
Exploits: 1 · References: 1

OSV
added 2020/07/29 6:7 p.m. · 0 views

GHSA-34GH-3CWV-WVP2 Directory traversal in rollup-plugin-server

This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...

CVSS 7.5 · AI score 5.9 · EPSS 0.00419
Exploits: 1 · References: 2

NVD
added 2020/02/18 5:15 p.m. · 6 views

CVE-2019-10791

promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization...

CVSS 9.8 · AI score 9.8 · EPSS 0.03343
Exploits: 1 · References: 2

Cvelist
added 2020/02/18 4:1 p.m. · 8 views

CVE-2019-10791

promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization...

AI score 9.8 · EPSS 0.03343
Exploits: 1 · References: 2

OSV
added 2019/10/07 4:15 p.m. · 3 views

CVE-2019-17312

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user...

CVSS 8.8 · AI score 7.3 · EPSS 0.00629
Exploits: 0 · References: 1

Cvelist
added 2019/10/07 3:3 p.m. · 12 views

CVE-2019-17312

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user...

AI score 8.7 · EPSS 0.00629
Exploits: 0 · References: 1

Positive Technologies
added 2019/09/16 12:0 a.m. · 3 views

PT-2019-14638 · Marc Q · Libwav

Name of the Vulnerable Software and Affected Versions: marc-q libwav versions through 2017-04-20 Description: The issue is related to a NULL pointer dereference in the gain file function at wav gain.c. Recommendations: For versions through 2017-04-20, at the moment, there is no information about ...

CVSS 6.5 · AI score 6.4 · EPSS 0.00404
Exploits: 1 · References: 2

CNVD
added 2018/09/04 12:0 a.m. · 1 views

OpenSC Infinite Recursion Vulnerability

OpenSC is a set of software tools and libraries for smart cards, focusing on smart cards with cryptographic capabilities. An infinite recursion vulnerability exists in iaseccselectfile in libopensc/card-iasecc.c in OpenSC prior to 0.19.0-rc1 when processing responses from IAS-ECC cards. An attack...

CVSS 4.3 · AI score 5.7 · EPSS 0.00204
Exploits: 1 · References: 1

Prion
added 2018/05/23 2:29 p.m. · 16 views

Privilege escalation

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the configfile function...

CVSS 4.4 · AI score 7.2 · EPSS 0.00252
Exploits: 5 · References: 14 · Affected Software: 3

exploitpack
added 2018/05/21 12:0 a.m. · 26 views

GitBucket 4.23.1 - Remote Code Execution

GitBucket 4.23.1 - Remote Code Execution Exploit Title: GitBucket 4.23.1 Unauthenticated RCE Date: 21-05-2018 Software Link: https://github.com/gitbucket/gitbucket Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1...

Exploits: 0

Cvelist
added 2017/09/11 7:0 p.m. · 19 views

CVE-2017-1000249

An issue in file, introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017)...

AI score 5.3 · EPSS 0.00138
Exploits: 0 · References: 4

RedhatCVE
added 2017/09/05 6:18 p.m. · 18 views

CVE-2017-1000249

An issue in file, introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017)...

CVSS 7.5 · AI score 3.8 · EPSS 0.00138
Exploits: 0 · References: 1

UbuntuCve
added 2017/09/05 12:0 a.m. · 18 views

CVE-2017-1000249

An issue in file, introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017)...

CVSS 5.5 · AI score 6.6 · EPSS 0.00138
Exploits: 0 · References: 3

myhack58
added 2013/06/13 12:0 a.m. · 15 views

PHP file include vulnerability attack and Defense combat-vulnerability warning-the black bar safety net

Summary: PHP is a very popular web development language on the Internet, and many web applications are developed in PHP. In web applications developed with PHP, the file include vulnerability is a common vulnerability. The use of PHP file include vulnerabilities to intrude into a website is...

AI score 0.9
Exploits: 0

Packet Storm
added 2012/06/08 12:0 a.m. · 22 views

RIPS Scanner 0.10 File Disclosure

--------------------------------------- Author : L3b-r1'z Title : Rips-Scanner File Disclosure Date\Time : 8/6/2012 Email : [email protected] Site : Sec4Ever.com & Exploit4arab.com Google Dork : allintitle: "RIPS - A static source code analyser for vulnerabilities in PHP scripts" Version : 0.10...

AI score 7.4
Exploits: 0

seebug.org
added 2008/07/01 12:0 a.m. · 12 views

Pivot t Parameter Directory Traversal Vulnerability

BUGTRAQ ID: 30012 Pivot is a web-based tool that helps users maintain dynamic sites. Pivot's search.php file does not properly filter input to the t parameter before it is returned for use in displaying a file: ... // Set the template for the tags page if !isset$PivotVars't' || empty$PivotVars't' if isset$Weblogs$Currentweblog'extratemplate' && $Weblogs$Currentweblog'extratemplate'!="" $template =...

AI score 6.8
Exploits: 0