16 matches found
CVE-2023-25803
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...
EUVD-2011-2945
Malware in sbrugna...
CVE-2025-54789 Files is Vulnerable to Reflected Self-XSS through its File Move Functionality
Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed i...
[SECURITY] Fedora 42 Update: darktable-5.2.0-1.fc42
darktable manages your camera raw files and images in a database, lets you view them through lighttable mode and develop/enhance them in darkroom mode...
[SECURITY] Fedora 40 Update: git-lfs-3.6.1-1.fc40
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...
[SECURITY] Fedora 41 Update: git-lfs-3.6.1-1.fc41
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...
CVE-2024-50353
CVE-2024-50353 affects the ICG.AspNetCore.Utilities.CloudStorage library. Vulnerability: when a SAS URI duration is set to a value other than 1 hour, the generated URL may have a duration longer or shorter than intended; users not implementing SAS URIs are unaffected. Root cause: incorrect handli...
CVE-2022-28478
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system...
Directory traversal
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system...
GHSA-X9RQ-FJP5-QGM9 OctoPrint Incorrect Access Control
The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not .log files...
March 10, 2020—KB4540693 (OS Build 10240.18519)
March 10, 2020—KB4540693 (OS Build 10240.18519) For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates an issue that might prevent icons and cursors from appearing as expecte...
Important: bind
Issue Overview: A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as l...
[SECURITY] Fedora 28 Update: git-annex-6.20180626-1.fc28
Git-annex allows managing files with git, without checking the file contents into git. While that may seem paradoxical, it is useful when dealing with files larger than git can currently easily handle, whether due to limitations in memory, time, or disk space. It can store large files in many...
Uploadr - Project Files Management /download at SQL injection
Uploadr - Project Files Management /download at the presence of SQL injection Injection point: http://download.lagunaproperty.com/download?file=SQL error-based payload: /download? file=1%' AND SELECT 2IFSELECT FROM SELECT CONCATmd5233,0x716a767a71,SELECT ELT4943=4943,1,0x7176716b71,0x78s,...
Uploadr - Project Files Management /search of SQL injection
Uploadr - Project Files Management /search of the presence of SQL injection Injection point: http://download.lagunaproperty.com/search?keyword=SQL error-based payload: /search? keyword=1%' AND SELECT 2IFSELECT FROM SELECT CONCATmd5233,0x716b717871,SELECT ELT4271=4271,1,0x7170707071,0x78s,...
Uploadr - SQL Injection
Uploadr - SQL Injection Exploit Title: Uploadr - Project Files Management - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://lagunaproperty.com/ Software Buy: https://codecanyon.net/item/uploadr-project-files-management/13545125 Demo: http://download.lagunaproperty.com/...