20 matches found
CVE-2018-25326
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the filename parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to...
EUVD-2018-21848
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the filename parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to...
CVE-2018-25326 Google Drive for WordPress 2.2 Path Traversal RCE via gdrive-ajaxs.php
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the filename parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to...
CVE-2018-25326 Google Drive for WordPress 2.2 Path Traversal RCE via gdrive-ajaxs.php
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the filename parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to...
CVE-2018-25326
CVE-2018-25326 affects Google Drive for WordPress 2.2 and involves a path traversal vulnerability in gdrive-ajaxs.php. An unauthenticated attacker can exploit a crafted POST request by setting ajaxstype to del_fl_bkp and including directory traversal sequences in the file_name parameter (e.g., .....
PT-2026-41552
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to del ...
MAL-2026-3693 Malicious code in kaggle-runner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dcd49ca70b987b236ba4341d839addfec9afb344e1471195f2f825281092f71 kagglerunner/coordinator.py embeds a bash reverse-shell template rvsstr that connects to vtool.duckdns.org:23454 via ncat with retry/backoff plus a...
Malicious code in kaggle-runner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dcd49ca70b987b236ba4341d839addfec9afb344e1471195f2f825281092f71 kagglerunner/coordinator.py embeds a bash reverse-shell template rvsstr that connects to vtool.duckdns.org:23454 via ncat with retry/backoff plus a...
PT-2026-8240
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive GDriveEmail, GDrive GDriveFolderID, GDrive GDriveBackupCount, Nextcloud url, Nextcloud user, Nextcloud...
EUVD-2015-1482
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2015-1343
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All versions of unity-scope-gdrive logs search terms to syslog. CVE-2015-1343 Note that Nessus relies on the presence of the package as reported by the vendor...
Dropbox: Exfiltrate GDrive access token using CSRF
The report demonstrates a method of redirecting Google Drive OAuth tokens from Dropbox. A fix for the issue has been released and it was applied for existing users through an automatic update. An attacker could exploit this vulnerability by getting a user to visit a specially-crafted link that se...
CVE-2015-1343
All versions of unity-scope-gdrive logs search terms to syslog...
CVE-2015-1343
All versions of unity-scope-gdrive logs search terms to syslog...
Code injection
All versions of unity-scope-gdrive logs search terms to syslog...
UBUNTU-CVE-2015-1343
All versions of unity-scope-gdrive logs search terms to syslog...
CVE-2015-1343
CVE-2015-1343 affects unity-scope-gdrive; all versions log search terms to syslog. The connected documents consistently describe a logging behavior that may expose user search data via syslog, implying potential information disclosure. The provided sources do not include root-cause details, affec...
CVE-2015-1343 unity-scope-gdrive search feature logs search terms to syslog
All versions of unity-scope-gdrive logs search terms to syslog...
OPNsense 19.1 Cross Site Scripting
Exploit Title: OPNsense 19.1 | Cross-Site Scripting Date: 01.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://opnsense.org Software Link: http://mirror.ams1.nl.leaseweb.net/opnsense/releases/19.1/OPNsense-19.1-OpenSSL-dvd-amd64.iso.bz2 Version: 19.1 Introduction OPNsense is an open...
GhostCommander plugin: GDrive - Customized SSL, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application GhostCommander plugin: GDrive published at the 'play' market has multiple vulnerabilities...