
150 matches found

Positive Technologies
added 2024/07/09 12:0 a.m. · 2 views

PT-2024-22556 · Ifm · Smart Plc Ac14Xx Firmware +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A remote attacker with high privileges may use a reading file function to inject OS commands. There is no information provided about the estimated numbe...

7.2 CVSS · 7.1 AI score · 0.00835 EPSS
Exploits 0 · References 6

CNNVD
added 2024/07/09 12:0 a.m. · 2 views

Smart PLC AC14xx and Smart PLC AC4xxS Operating System Command Injection Vulnerability

The ifm electronic Smart PLC AC14xx and ifm electronic Smart PLC AC4xxS are a series of hosts/gateways from ifm electronic Germany. An operating system command injection vulnerability exists in Smart PLC AC14xx and Smart PLC AC4xxS versions 4.3.17 and earlier, which originates from a remote...

7.2 CVSS · 7.7 AI score · 0.00835 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/07/09 12:0 a.m. · 1 view

PT-2024-22559 · Ifm · Smart Plc Ac14Xx Firmware +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A remote attacker with high privileges may use a deleting file function to inject OS commands. There is no information provided about the estimated numb...

7.2 CVSS · 7.1 AI score · 0.00835 EPSS
Exploits 0 · References 6

Amazon
added 2024/06/14 12:0 a.m. · 4 views

Medium: nasm

Issue Overview: Null pointer dereference in ieeewritefile in nasm 2.16rc0 allows attackers to cause a denial of service crash. CVE-2023-38665 Affected Packages: nasm Issue Correction: Run dnf update nasm --releasever 2023.4.20240611 or dnf update --advisory ALAS2023-2024-642 --releasever...

5.5 CVSS · 6.8 AI score · 0.00038 EPSS
Exploits 1

CNNVD
added 2024/05/22 12:0 a.m. · 1 view

LoLLMs Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A command injection vulnerability exists in LoLLMs that stems from the openfile function not neutralizing special elements used in user uploaded commands...

9.8 CVSS · 8.6 AI score · 0.0172 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/03/24 12:0 a.m. · 3 views

PT-2024-10836 · Unknown · Cyberaz0R Webrat

Name of the Vulnerable Software and Affected Versions: cyberaz0r WebRAT up to 20191222 Description: A critical issue affects the function download file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The real...

6.5 CVSS · 6.7 AI score · 0.00068 EPSS
Exploits 0 · References 9

CNNVD
added 2024/03/12 12:0 a.m. · 2 views

s::can moni::tools path traversal vulnerability

s::can moni::tools is a platform from s::can for managing a virtually unlimited number of sites, online probes, analyzers, and parameters. A path traversal vulnerability exists in s::can moni::tools version 4.6.3, which originates from allowing an authenticated attacker to retrieve any file from ...

6.5 CVSS · 6.7 AI score · 0.00525 EPSS
Exploits 0 · References 3

OSV
added 2024/03/05 12:15 p.m. · 2 views

CVE-2023-45597

A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...

9 CVSS · 5.9 AI score · 0.00276 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/02/20 12:0 a.m. · 3 views

PT-2024-17959 · WordPress · The Login Lockdown – Protect Login Form

Name of the Vulnerable Software and Affected Versions: The Login Lockdown – Protect Login Form plugin for WordPress versions up to, and including, 2.08 Description: The issue is related to a missing capability check on the generate export file function. This allows authenticated attackers with...

5.4 CVSS · 6 AI score · 0.00219 EPSS
Exploits 1 · References 6

OSV
added 2023/10/06 10:15 a.m. · 2 views

CVE-2023-4469

The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrfldsexportfile function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...

5.3 CVSS · 7.3 AI score · 0.0044 EPSS
Exploits 0 · References 2

CNNVD
added 2023/09/15 12:0 a.m. · 1 view

Supcon InPlant SCADA Security Vulnerability

Supcon InPlant SCADA is a SCADA program from China Zhongguancun Technology Supcon. A security vulnerability exists in Supcon InPlant SCADA that stems from the presence of an unknown function in Project.xml that results in an under-computed password hash...

2.5 CVSS · 6.9 AI score · 0.00038 EPSS
Exploits 1 · References 5

Code423n4
added 2023/09/14 12:0 a.m. · 16 views

Relying on string comparisons to determine which parameter to update in the file() function is brittle and could lead to unintended consequences.

Lines of code Vulnerability details Impact This can allow unintentionally changing sensitive state variables Proof of Concept The vulnerability arises because: file relies on a simple string comparison of the what parameter to determine which state variable to update. A developer could accidental...

6.7 AI score
Exploits 0

CNNVD
added 2023/08/22 12:0 a.m. · 0 views

nasm Code Issue Vulnerability

Nasm is an open source programming tool from the Nasm Development Team. A security vulnerability exists in nasm version 2.16rc0, which stems from a null pointer dereference issue in ieeewritefile...

5.5 CVSS · 5.5 AI score · 0.00038 EPSS
Exploits 1 · References 2

Veracode
added 2023/07/31 6:19 a.m. · 25 views

Cross-site Scripting (XSS)

getkirby/cms is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the file function at Response.php due to the MIME auto-detection of uploaded files which allows an attacker to upload a file with an arbitrary MIME type and inject arbitrary scripts...

5.7 CVSS · 6.5 AI score · 0.00188 EPSS
Exploits 0 · References 11 · Affected Software 1

Positive Technologies
added 2023/06/05 12:0 a.m. · 7 views

PT-2023-23100 · Kylinsoft · Youker-Assistant

Name of the Vulnerable Software and Affected Versions: KylinSoft youker-assistant versions prior to 3.0.2-0kylin6k70-23 Description: A critical issue was found in the delete file function of the dbus.SystemBus library in the Arbitrary File Handler component, leading to improper access controls...

7.1 CVSS · 7.1 AI score · 0.00136 EPSS
Exploits 1 · References 4

CNNVD
added 2023/04/13 12:0 a.m. · 2 views

bloofoxCMS Path Traversal Vulnerability

bloofoxCMS is a PHP-based text content management system by the individual developer of bloofoxCMS. A security vulnerability exists in bloofoxCMS version v0.5.2, which stems from the discovery of an arbitrary file deletion vulnerability contained via the deletefile function...

9.1 CVSS · 8.4 AI score · 0.01311 EPSS
Exploits 1 · References 5

Positive Technologies
added 2023/04/13 12:0 a.m. · 3 views

PT-2023-21361 · Bloofox · Bloofox

Name of the Vulnerable Software and Affected Versions: bloofox version 0.5.2 Description: The issue is related to an arbitrary file deletion vulnerability. This vulnerability can be exploited via the delete file function. Recommendations: For bloofox version 0.5.2, consider disabling the delete...

9.1 CVSS · 9.1 AI score · 0.01311 EPSS
Exploits 1 · References 10

Positive Technologies
added 2023/03/16 12:0 a.m. · 3 views

PT-2023-5284 · Libeconf +1 · Libeconf +1

Name of the Vulnerable Software and Affected Versions: libeconf affected versions not specified Description: The issue is related to the econf writeFile function in the libeconf library, which is used for configuration file analysis and management. It involves a buffer overflow in memory, allowin...

10 CVSS · 7.4 AI score · 0.00101 EPSS
Exploits 0 · References 37

SUSE CVE
added 2023/02/15 4:35 a.m. · 1 view

SUSE CVE-2017-1000249

An issue in file was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017)...

5.5 CVSS · 8.8 AI score · 0.00138 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:19 a.m. · 1 view

SUSE CVE-2018-1000667

NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption crashed of nasm when handling a crafted file due to function assemblefileinname, dependptr at asm/nasm.c:482. vulnerability in function assemblefileinname, dependptr at asm/nasm.c:482. that can result in...

2.5 CVSS · 7.5 AI score · 0.00206 EPSS
Exploits 1 · References 6