12 matches found
Vanna - SQL injection
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...
Important: flatpak
Issue Overview: A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files...
CVE-2024-37084
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...
CVE-2024-37084 CVE-2024-37084: Remote code execution in Spring Cloud Data Flow
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...
CVE-2024-37084 CVE-2024-37084: Remote code execution in Spring Cloud Data Flow
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...
CVE-2024-22263
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...
CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...
Super Backup 2.0.5 Directory Traversal
Document Title: =============== Super Backup v2.0.5 iOS - Directory Traversal Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2200 Release Date: ============= 2020-04-30 Vulnerability Laboratory ID VL-ID: ==================================...
FlashGet v1.9.6 - Remote Buffer Overflow Vulnerability
Document Title: =============== FlashGet v1.9.6 - Remote Buffer Overflow Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2248 Release Date: ============= 2020-05-02 Vulnerability Laboratory ID VL-ID: ==================================== 22...
HardDrive v2.1 iOS - Arbitrary File Upload Vulnerability
Document Title: =============== HardDrive v2.1 iOS - Arbitrary File Upload Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2221 Release Date: ============= 2020-04-28 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2019-14817
A flaw was found in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary...
WordPress Redirection 2.7.3 Remote File Inclusion
Details ================ Software: Redirection Version: 2.7.3 Homepage: https://wordpress.org/plugins/redirection/ Advisory report: https://advisories.dxw.com/advisories/ace-file-inclusion-redirection/ CVE: Awaiting assignment CVSS: 9 High; AV:N/AC:L/Au:S/C:C/I:C/A:C Description ================...