33 matches found
SUSE CVE-2024-42138
In the Linux kernel, the following vulnerability has been resolved: mlxsw: corelinecards: Fix double memory deallocation in case of invalid INI file In case of invalid INI file mlxswlinecardtypesinit deallocates memory but doesn't reset pointer to NULL and returns 0. In case of any error occurred...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the mlxsw:corelinecards module in the presence of an invalid INI file, where mlxswlinecardtypesinit frees...
properties-reader 安全漏洞
properties-reader is a Node.js property reader compatible with ini files by Steve King, a personal developer. A security vulnerability exists in properties-reader prior to version 2.2.0, which stems from the package's susceptibility to prototype contamination, and which can be exploited by an...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
Machform 输入验证错误漏洞
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. An open redirect vulnerability exists in Safariinit.php in versions prior to Machform 16. The vulnerability stems from improper validation of the ref parameter. An...
PT-2021-10553 · Metinfo · Metinfo
Name of the Vulnerable Software and Affected Versions: MetInfo version 7.0 beta Description: The issue allows attackers to delete and modify ini files in specific locations, including app/system/language/admin/language general.class.php and app/system/include/function/file.func.php...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
AttacheCase vulnerable to arbitrary script execution
Overview AttacheCase is an open source file encryption software provided by HiBARA Software. If a setting file AtcCase.ini is specially crafted and it resides in the same folder where ATC file resides, it is leveraged to execute an arbitrary script when ATC file is decrypted. Taizoh Tsukamoto of...
File Upload Vulnerability in BEESCMS
BEESCMS is an enterprise website management system based on PHP+Mysql architecture. BEESCMS V4.0R20160525 version /includes/init.php file variable override script there is a file upload vulnerability, the attacker uses the vulnerability to upload arbitrary files, so as to obtain the front-end...
UBUNTU-CVE-2017-7178
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...
CentOS Update for ghostscript CESA-2012:0095 centos5
Check for the Version of ghostscript OpenVAS Vulnerability Test CentOS Update for ghostscript CESA-2012:0095 centos5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
Coppermine Photo Gallery <= 1.4.18 LFI / Remote Code Execution Exploit
Exploit for unknown platform in category web applications ====================================================================== Coppermine Photo Gallery authenticate; ... 301. // Process language selection if present in URI or in user profile or try 302. // autodetection if default charset is...