22 matches found
CVE-2019-18321
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server All versions. An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is...
CVE-2023-4949
An attacker with local access to a system either through a disk or external drive can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation...
EUVD-2018-16647
Malware in sbrugna...
EUVD-1999-0167
Malware in sbrugna...
EUVD-2021-6979
Malicious code in bioql PyPI...
EUVD-2022-48024
Malicious code in bioql PyPI...
EUVD-2022-2468
Malicious code in bioql PyPI...
EUVD-2022-3159
Malicious code in bioql PyPI...
EUVD-2023-39796
Malicious code in bioql PyPI...
CVE-2025-46348
YesWiki prior to 4.5.4 allows unauthenticated backups via the archives API, enabling archive creation and download with predictable filenames. This undermines authentication, exposes potentially sensitive site data, and can enable DoS by mass archive creation. The issue has been fixed in version ...
CVE-2024-7773
...
Gogs allows argument injection during the previewing of changes
Impact: Unprivileged user accounts can write to arbitrary files on the filesystem. We could demonstrate its exploitation to force a re-installation of the instance, granting administrator rights. It allows accessing and altering any user's code hosted on the same instance. Patches: Unintended Git...
EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2024-2965)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and...
Unspecified Vulnerability in Cisco TelePresence Collaboration Endpoint and Cisco RoomOS
Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of the U.S. company Cisco. Cisco RoomOS Software is a set of automatic management software for Cisco devices. The software is mainly used for upgrading and managing the motherboard firmware of Cisc...
HarmonyOS Denial of Service Vulnerability
HarmonyOS is a distributed operating system for all scenarios developed by Huawei, a Chinese company. A denial of service vulnerability exists in a component of HarmonyOS 2.0. A local attacker can exploit this vulnerability to install a file system on a target device, which could result in a file...
Linux kernel path traversal vulnerability (CNVD-2021-09806)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A path traversal vulnerability exists in Linux kernel 5.10.8 and earlier versions, which can be exploited by an attacker to traverse the rest of the file system via READDIRPLUS...
PT-2019-2899 · Icedtea +4 · Icedtea-Web +4
Name of the Vulnerable Software and Affected Versions: icedtea-web versions 1.7.2 and earlier; icedtea-web versions 1.8.2 and earlier. Description: The issue is related to a zip-slip attack during auto-extraction of a JAR file, which could allow an attacker to write files to arbitrary locations. Th...
Winace UnAce 1.x - ACE Archive Directory Traversal
source: https://www.securityfocus.com/bid/12628/info A remotely exploitable client-side directory-traversal vulnerability affects Winace unace. The application fails to properly sanitize file and directory names contained within malicious ACE format archives. An attacker may leverage this issue b...
Microsoft Internet Explorer 6 - ADODB.Stream Object File Installation
source: https://www.securityfocus.com/bid/10514/info Microsoft Internet Explorer is prone to a security weakness that may permit malicious HTML documents to create or overwrite files on a victim file system when interpreted fro...
Symlink attack in (all?) Samba. - Local root walkthrough by Tozz
Requirements: Shell access or any other way to create symlinks; a running samba daemon; the username and/or password of a user named in the admin lists in one or more...