1079 matches found
Code injection
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been...
CVE-2023-1773
RockOA Rockoa 2.3.2 is affected by a code injection vulnerability in the Configuration File Handler, specifically the webmainConfig.php file. The underlying issue is unauthorized code execution triggered via the webmainConfig.php component, with remote exploitation possible and public disclosure ...
PT-2023-17233 · Rockoa · Rockoa
Name of the Vulnerable Software and Affected Versions: Rockoa version 2.3.2 Description: A critical issue has been found in the Configuration File Handler component, specifically affecting the webmainConfig.php file. This issue leads to code injection and can be initiated remotely. The exploit fo...
CVE-2023-1560
A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0. This issue affects some unknown processing of the file tinytiffreader.c of the component File Handler. The manipulation leads to buffer overflow. Attacking locally is a requirement. The exploit has been...
Buffer overflow
A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0. This issue affects some unknown processing of the file tinytiffreader.c of the component File Handler. The manipulation leads to buffer overflow. Attacking locally is a requirement. The exploit has been...
CVE-2023-1560 TinyTIFF File tinytiffreader.c buffer overflow
A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0. This issue affects some unknown processing of the file tinytiffreader.c of the component File Handler. The manipulation leads to buffer overflow. Attacking locally is a requirement. The exploit has been...
CVE-2023-1560 TinyTIFF File tinytiffreader.c buffer overflow
A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0. This issue affects some unknown processing of the file tinytiffreader.c of the component File Handler. The manipulation leads to buffer overflow. Attacking locally is a requirement. The exploit has been...
TinyTIFF 安全漏洞
TinyTIFF is a lightweight C/C++ library by Jan W. Krieger, a personal developer. It is capable of reading and writing basic TIFF files. A security vulnerability exists in TinyTIFF version 3.0.0.0, which stems from some unknown processing in the file tinytiffreader.c of the component File Handler,...
Online Pizza Ordering System SQL注入漏洞
Online Pizza Ordering System is an online pizza ordering system by Carlo Montero, an individual developer. A SQL injection vulnerability exists in Online Pizza Ordering System version 1.0, which originates from an unknown function in the file category.php in the component GET Parameter Handler,...
CVE-2023-1191
A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...
Path traversal
A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...
CVE-2023-1191 fastcms ZIP File TemplateController.java path traversal
A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...
CVE-2023-1191
CVE-2023-1191 affects the fastcms ZIP File Handler, specifically the file path admin/TemplateController.java. Multiple connected sources describe a path traversal vulnerability that can be exploited remotely, with public disclosure of exploits. The initial descriptions note that the product does ...
The vulnerability of the Malformed File Handler component in the DOPSoft software, which is used for programming operator panels of Delta Electronics, allows a hacker to execute arbitrary code.
The vulnerability of the Malformed File Handler component in DOPSoft software, which is used for programming operator panels by Delta Electronics, relates to writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially...
PT-2023-16811 · Fastcms · Fastcms
Name of the Vulnerable Software and Affected Versions: fastcms affected versions not specified Description: A problematic vulnerability has been found in fastcms, affecting an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path...
Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler
Summary Missing check vulnerability in the static file handler allows any client to access the files in the server's file system Details When staticFiles is set in the serve settings in the configuration file, the following handler doesn't check if absolutePath is still under the directory provid...
GO-2023-1567 Open redirect in github.com/caddyserver/caddy/v2
Due to improper request sanitization, a crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...
SUSE CVE-2014-9810
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service segmentation fault and application crash via a malformed dpx file...
SUSE CVE-2018-7729
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScriptMetaHandler::ParsePSFile function in XMPFiles/source/FileHandlers/PostScriptHandler.cpp...
SUSE CVE-2021-3401
Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer...