5046 matches found

OSV
added 2023/01/11 2:15 a.m. · 3 views

CVE-2023-22947

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider SP before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt rather than...

7.3 CVSS · 7.1 AI score
Exploits: 0 · References: 2
NVD
added 2023/01/11 2:15 a.m. · 14 views

CVE-2023-22947

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider SP before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt rather than...

7.3 CVSS · 7.2 AI score · 0.00309 EPSS
Exploits: 1 · References: 2
CNNVD
added 2023/01/11 12:0 a.m. · 2 views

Shibboleth code issue vulnerability

Shibboleth is an open source SAML protocol Web Single Sign-On system for Windows from Shibboleth, UK. A security vulnerability exists in Shibboleth Service Provider SP Windows versions prior to 3.4.1, which stems from the installation being located under C:\opt instead of C:\Program Files by defaul...

7.3 CVSS · 7.3 AI score · 0.00309 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2023/01/11 12:0 a.m. · 3 views

PT-2023-18789 · Unknown · Shibboleth Service Provider

Name of the Vulnerable Software and Affected Versions: Shibboleth Service Provider SP versions prior to 3.4.1. Description: The issue concerns insecure folder permissions in the Windows installation path of Shibboleth Service Provider SP. This allows an unprivileged local attacker to escalate...

7.3 CVSS · 6.9 AI score · 0.00309 EPSS
Exploits: 1 · References: 7
Cvelist
added 2023/01/11 12:0 a.m. · 22 views

CVE-2023-22947

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider SP before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt rather than...

7.3 AI score · 0.00309 EPSS
Exploits: 1 · References: 2
Debian CVE
added 2023/01/11 12:0 a.m. · 19 views

CVE-2023-22947

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider SP before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt rather than...

7.3 CVSS · 7.2 AI score · 0.00309 EPSS
Exploits: 1
Packet Storm
added 2023/01/10 12:0 a.m. · 488 views

WordPress Slider Revolution 4.6.5 Shell Upload

Title: WordPress - Slider Revolution 4.6.5 WordPress - Slider Revolution 4.6.5 shell upload 0-day exploit | Author: indoushka | Tested on: windows 10...

7.4 AI score
Exploits: 0
Positive Technologies
added 2023/01/06 12:0 a.m. · 4 views

PT-2023-13266 · Unknown · Bluetooth Host

Name of the Vulnerable Software and Affected Versions: Bluetooth HOST, affected versions not specified. Description: The issue is related to information disclosure due to a buffer over-read in the Bluetooth HOST. This occurs while processing GetFolderItems and GetItemAttribute commands from a peer...

8.2 CVSS · 6.8 AI score · 0.00414 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2023/01/04 12:0 a.m. · 4 views

PT-2023-18518 · Tokio · Tokio

Name of the Vulnerable Software and Affected Versions: Tokio versions 1.7.0 through 1.18.3; Tokio versions 1.18.4 through 1.20.2; Tokio versions 1.20.3 through 1.23.0. Description: When configuring a Windows named pipe server, setting pipe_mode will reset reject_remote_clients to false. If the...

5.4 CVSS · 5.3 AI score · 0.00564 EPSS
Exploits: 0 · References: 16
CNNVD
added 2023/01/02 12:0 a.m. · 3 views

Rails CV App path traversal vulnerability

Rails CV App is a Rails application by the individual developer Bertrand Caron. A path traversal vulnerability exists in Rails CV App. An attacker can exploit this vulnerability to obtain sensitive information in the path folder...

7.5 CVSS · 5.6 AI score · 0.00872 EPSS
Exploits: 0 · References: 4
OSV
added 2022/12/26 5:15 a.m. · 2 views

CVE-2021-45466

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, attackers can make a crafted request to api/?api=addserver&DHCP= to add an authorized_keys text file in the /resources/ folder...

9.8 CVSS · 5.8 AI score · 0.70947 EPSS
Exploits: 2 · References: 2
OSV
added 2022/12/23 1:47 p.m. · 25 views

CVE-2022-46171 Tauri vulnerable to path traversal

Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards *, ?, and [...] match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...

6.8 CVSS · 7.3 AI score · 0.01006 EPSS
Exploits: 1 · References: 5
CNNVD
added 2022/12/23 12:0 a.m. · 3 views

Tauri path traversal vulnerability

Tauri is an open source framework from Tauri for building smaller, faster and more secure desktop applications using a web front end. Tauri has a path traversal vulnerability. Attackers can use this vulnerability to obtain the contents of the path's sub-folder...

7.7 CVSS · 7.3 AI score · 0.01006 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2022/12/22 12:0 a.m. · 6 views

PT-2022-27785 · Tauri · Tauri

Name of the Vulnerable Software and Affected Versions: Tauri versions prior to the latest release; Tauri versions 1.x prior to the backported patch. Description: The filesystem glob pattern wildcards *, ?, and [...] match file path literals and leading dots by default, which unintentionally exposes su...

7.7 CVSS · 7.3 AI score · 0.01006 EPSS
Exploits: 1 · References: 11
AlpineLinux
added 2022/12/22 12:0 a.m. · 37 views

CVE-2022-22756

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91....

8.8 CVSS · 8.9 AI score · 0.00919 EPSS
Exploits: 1
CNVD
added 2022/12/20 12:0 a.m. · 26 views

Apache Zeppelin input validation error vulnerability

Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation that supports interactive data analysis and collaborative documentation. Apache Zeppelin is vulnerable to an input validation error that results from improper input validation in its Move folder to Trash...

6.5 CVSS · 2.9 AI score · 0.01539 EPSS
Exploits: 0 · References: 1
OSV
added 2022/12/16 5:15 p.m. · 14 views

CVE-2022-4558

A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack...

6.1 CVSS · 6.1 AI score
Exploits: 0 · References: 3
OSV
added 2022/12/16 5:15 p.m. · 3 views

DEBIAN-CVE-2022-4558

A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack...

6.1 CVSS · 4.1 AI score · 0.00559 EPSS
Exploits: 0 · References: 1
Prion
added 2022/12/16 5:15 p.m. · 13 views

Cross site scripting

A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack...

5.8 CVSS · 6 AI score · 0.00559 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2022/12/16 5:15 p.m. · 1 view

UBUNTU-CVE-2022-4558

A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack...

6.1 CVSS · 3.8 AI score · 0.00559 EPSS
Exploits: 0 · References: 4