Cross-Site Request Forgery (CSRF) in admidio/admidio
Description: An attacker is able to delete any folder via a CSRF attack. It does not matter whether the application runs on localhost or elsewhere; it is enough that it runs in a browser and that another low-privilege user or an attacker knows the IP address or hostname of the application. In CSRF attacks...
CVE-2021-24363
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector...
Denial of Service in Extension "Deferred image processing" (deferred_image_processing)
Incorrect usage of the TYPO3 FAL API results in copies of processed files being saved to the /var/transient/ folder of a TYPO3 website on every frontend request. This can result in Denial of Service, since the webspace may be filled up with image files simply by crafting a large number of requests to...
CVE-2021-32577
Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions...
Privilege escalation
Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions...
CVE-2021-32577
CVE-2021-32577 affects Acronis True Image on Windows prior to 2021 Update 5, where local privilege escalation is caused by insecure folder permissions. Impact is partial confidentiality/integrity/availability with local access. Remediation: upgrade to 2021 Update 5 or later of Acronis True Image ...
Acronis True Image security vulnerability
Acronis True Image is a famous data backup and restore software from Acronis Singapore. The software can be used to create drive and disk images and can restore the image when a clean system is needed. Acronis True Image suffers from a security vulnerability that stems from insecure folder...
CVE-2021-30124
The unofficial vscode-phpmd aka PHP Mess Detector extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder...
ObjectPlanet Opinio code issue vulnerability
ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A code issue vulnerability exists in ObjectPlanet Opinio versions prior to 7.15, which stems from a program that allows XXE attacks by modifying a css file and importing this .xml file in the survey administration folder...
jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin
A flaw was found in the Jenkins Matrix Authorization Strategy Plugin. The Jenkins plugin does not correctly perform permission checks; as a consequence, this allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. The highest...
Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
NCH IVM Attendant Remote Code Execution Vulnerability
NCH IVM Attendant is a complete voicemail, call attendant, and IVR solution for Windows. A security vulnerability exists in NCH IVM Attendant, which stems from the fact that if the pathname of a ZIP element is set to the Windows startup folder, a file with a built-in Out-Going Message function, or...
PT-2021-6760 · Otrs Ag · Otrs +1
Name of the Vulnerable Software and Affected Versions: OTRS AG OTRS Community Edition versions 6.0.1 and later; OTRS AG OTRS versions 7.0.27 and prior; OTRS AG OTRS versions 8.0.14 and prior. Description: The issue is related to the disclosure of information in the OTRS ticket system. It allows a...
CVE-2021-37449
Cross Site Scripting XSS exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= reflected...
Directory traversal
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the inbuilt...
CVE-2021-37444
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the inbuilt...