11 matches found
CVE-2024-23793
The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...
CVE-2023-48299
TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the...
CVE-2023-48299 TorchServe ZipSlip
TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the...
Command injection
A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this...
OpenEXR Logic Flaw Vulnerability
OpenEXR is an image file format for high dynamic range (HDR) images. A security vulnerability exists in OpenEXR, which stems from a flaw in the ImfDeepScanLineInputFile functionality. An attacker could use this flaw to trigger an out-of-bounds read by submitting a harmful file to an application...
Quadbase EspressReports ES Cross-Site Request Forgery Vulnerability
Quadbase EspressReports ES is a software application from Quadbase, Inc. It provides special reporting and querying capabilities that allow users to create various queries and reports through a zero-client browser interface. A cross-site request forgery vulnerability exists in Quadbase...
CVE-2017-0601
An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0,...
CVE-2017-0601
An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0,...
Threat Outbreak Alert RuleID15325: Email Messages Distributing Malicious Software on May 15, 2015
Medium Alert ID: 38890 First Published: 2015 May 15 15:28 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID15325 and RuleID15325KVR may contain the following...
Threat Outbreak Alert RuleID13787: Email Messages Distributing Malicious Software on March 3, 2015
Medium Alert ID: 37700 First Published: 2015 March 4 15:23 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID13787 may contain the following files: Name | Siz...
ZoneAlarm Pro's MailSafe
hi2all MailSafe is a feature on ZoneAlarm Pro http://www.zonelabs.com that identifies in e-mail attachments potentially harmful files ex: .exe, .com, .reg, .vbs or others that can be added in this feature configuration, and renames their extension to .zl; at the same time it can show an alarm box...