5 matches found
EUVD-2019-5243
Malware in sbrugna...
EUVD-2019-9389
Malware in sbrugna...
CVE-2019-13981
In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads//originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer...
UBUNTU-CVE-2024-32498
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...
CVE-2022-25336
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference IDOR attacks against image files because the image path and filename can be correctly deduced...