26 matches found
curl: curl External-Controlled Filename in `--url @file` Leads to Arbitrary File Overwrite
Vulnerability Report: curl External-Controlled Filename in --url @file Leads to Arbitrary File Overwrite 1. Product Overview curl is a widely used command-line tool and library libcurl for transferring data with URL syntax across multiple protocols such as HTTP, HTTPS, and FTP. It is preinstalled...
EUVD-2010-2213
Malware in sbrugna...
EUVD-2020-1433
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-36674
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypa...
BIT-MEDIAWIKI-2023-36674
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...
GHSA-7F32-HM4H-W77Q github-slug-action use of `set-env` Runner commands which are processed via stdout
Impact This GitHub Action use set-env runner commands which are processed via stdout related to GHSA-mfwh-5m23-j46w Patches The following versions use the recommended Environment File Syntax. - 2.1.1 - 1.1.1 Workarounds None, it is strongly suggested that you upgrade as soon as possible. For more...
github-slug-action use of `set-env` Runner commands which are processed via stdout
Impact This GitHub Action use set-env runner commands which are processed via stdout related to GHSA-mfwh-5m23-j46w Patches The following versions use the recommended Environment File Syntax. - 2.1.1 - 1.1.1 Workarounds None, it is strongly suggested that you upgrade as soon as possible. For more...
PT-2024-40157 · Github · Github-Slug-Action
Name of the Vulnerable Software and Affected Versions: github-slug-action versions prior to 1.1.1 github-slug-action versions prior to 2.1.1 Description: The issue is related to the use of set-env runner commands processed via stdout. It is recommended to upgrade to a version that uses the...
CVE-2023-36674
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...
CVE-2023-36674
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...
DEBIAN-CVE-2023-36674
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...
UBUNTU-CVE-2023-36674
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...
CVE-2023-36674
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...
CVE-2023-36674
Summary: CVE-2023-36674 affects MediaWiki prior to certain fixed versions. The issue allows bypass of the Bad image list (badFile) by abusing the thumb parameter (Manualthumb) in the File syntax. Affected versions (per sources): MediaWiki before 1.35.11; 1.36.x through 1.38.x before 1.38.7; 1.39....
GHSA-JH85-WWV9-24HV Any file can be included with the pymdown-snippets extension
Summary Arbitrary file read when using include file syntax. Details By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to...
CVE-2023-32309 Arbitrary file inclusion with the pymdowm-snippets extension
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...
The vulnerability of the TGA file syntax analysis implementation in the Autodesk Design Review software lies in the ability to write beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the TGA file syntax analysis implementation in the Autodesk Design Review software relates to the writing beyond buffer boundaries in memory during DWG file syntax analysis. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the context o...
The vulnerability of the ClamAV antivirus software library and the Cisco AMP security tool for end devices allows a perpetrator to trigger a service failure.
The vulnerability of the ClamAV antivirus software library and the Cisco AMP tool for protecting against malicious software in end devices is related to resource management errors during CHM file syntax analysis. Exploiting this vulnerability can allow a remote attacker to cause service...
The vulnerability of Adobe Premiere Rush software, related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Adobe Premiere Rush is related to insufficient validation of input data during the MP4 file syntax analysis. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the JT Utilities and JT Open Toolkit (JTTK) application development tools, related to data writing beyond the buffer limit, allows a perpetrator to execute arbitrary code.
The vulnerability of the JT Utilities and JT Open Toolkit JTTK application development tools is related to data writing outside of the buffer during JT file syntax analysis. Exploiting this vulnerability can allow an attacker to execute arbitrary code...