10 matches found
EUVD-2025-10880
Malicious code in bioql PyPI...
CVE-2025-3562
A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit...
CVE-2025-3562 Yonyou YonBIP userfile FileInputStream path traversal
A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit...
CVE-2025-3562 Yonyou YonBIP userfile FileInputStream path traversal
A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit...
CVE-2025-3562
Summary (CVE-2025-3562): A path traversal vulnerability exists in Yonyou YonBIP MA2.7, specifically in the FileInputStream function of the file /mobsm/common/userfile. The manipulation of the argument path enables traversal and remote exploitation. Connected sources confirm the affected software/...
PT-2025-16213 · Yonyou · Yonyou Yonbip Ma2.7
Name of the Vulnerable Software and Affected Versions: Yonyou YonBIP MA2.7 Description: A vulnerability was found in the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. Recommendations...
CVE-2019-2105
In FileInputStream::Read of fileinputstream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android...
Memory corruption
In FileInputStream::Read of fileinputstream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android...
CVE-2019-2105
CVE-2019-2105 affects Android’s library component: in FileInputStream::Read of file_input_stream.cc, a memory corruption due to uninitialized data could enable remote code execution in an unprivileged process. Exploitation requires user interaction. Affected Android versions include 7.0, 7.1.1, 7...
turbomail文件读取漏洞
简要描述: 登录情况下有效。 详细说明: Web.xml中有个j2me的servlet 打开反编译出来的J2MEServlet.java,有以下的代码: else if ACTIONTYPE.equals"ACTIONVIEWEMAILATTACHS" / 348 / String sessionId = dataInputStream.readUTF; / 349 / if sessionId == null / 350 / return; / / / / / 353 / String mbtype = dataInputStream.readUTF; / 354 / String...