
33 matches found

SUSE CVE
added 2024/08/06 1:59 a.m. · 2 views

SUSE CVE-2024-42138

In the Linux kernel, the following vulnerability has been resolved: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file. In case of invalid INI file mlxsw_linecard_types_init deallocates memory but doesn't reset pointer to NULL and returns 0. In case of any error occurred...

CVSS 5.5 · AI score 7.7 · EPSS 0.00234
Exploits 0 · References 10
CNNVD
added 2024/07/30 12:0 a.m. · 5 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the mlxsw: core_linecards module in the presence of an invalid INI file, where mlxsw_linecard_types_init frees...

CVSS 7.8 · AI score 6.6 · EPSS 0.00234
Exploits 0 · References 5
CNNVD
added 2022/07/25 12:0 a.m. · 5 views

properties-reader security vulnerability

properties-reader is a Node.js property reader compatible with ini files by Steve King, a personal developer. A security vulnerability exists in properties-reader prior to version 2.2.0, which stems from the package's susceptibility to prototype contamination, and which can be exploited by an...

CVSS 9.8 · AI score 8.2 · EPSS 0.01092
Exploits 1 · References 4
RedHat Linux
added 2022/02/01 9:18 p.m. · 2 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

CVSS 9.8 · AI score 7.3 · EPSS 0.03612
Exploits 1 · References 4
CNNVD
added 2021/06/29 12:0 a.m. · 4 views

Machform input validation error vulnerability

MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. An open redirect vulnerability exists in Safari_init.php in versions prior to Machform 16. The vulnerability stems from improper validation of the ref parameter. An...

CVSS 6.1 · AI score 5.7 · EPSS 0.00744
Exploits 0 · References 4
Positive Technologies
added 2021/05/24 12:0 a.m. · 6 views

PT-2021-10553 · Metinfo · Metinfo

Name of the Vulnerable Software and Affected Versions: MetInfo version 7.0 beta. Description: The issue allows attackers to delete and modify ini files in specific locations, including app/system/language/admin/language general.class.php and app/system/include/function/file.func.php...

CVSS 9.1 · AI score 9.2 · EPSS 0.02201
Exploits 1 · References 6
RedHat Linux
added 2021/02/16 2:25 p.m. · 8 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

CVSS 9.8 · AI score 7.3 · EPSS 0.03612
Exploits 1 · References 4
RedHat Linux
added 2021/02/16 2:25 p.m. · 1 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

CVSS 9.8 · AI score 7.3 · EPSS 0.03612
Exploits 1 · References 4
Japan Vulnerability Notes
added 2018/08/31 6:59 a.m. · 4 views

AttacheCase vulnerable to arbitrary script execution

Overview: AttacheCase is an open source file encryption software provided by HiBARA Software. If a setting file AtcCase.ini is specially crafted and it resides in the same folder where ATC file resides, it is leveraged to execute an arbitrary script when ATC file is decrypted. Taizoh Tsukamoto of...

CVSS 7.8 · AI score 7.1 · EPSS 0.01434
Exploits 0 · References 7
CNVD
added 2017/09/26 12:0 a.m. · 2 views

File Upload Vulnerability in BEESCMS

BEESCMS is an enterprise website management system based on a PHP+MySQL architecture. In BEESCMS V4.0R20160525, the variable override script in the /includes/init.php file has a file upload vulnerability; an attacker can use the vulnerability to upload arbitrary files, so as to obtain the front-end...

AI score 7.1
Exploits 0
OSV
added 2017/03/18 8:59 p.m. · 3 views

UBUNTU-CVE-2017-7178

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin...

CVSS 8.8 · AI score 7.4 · EPSS 0.04036
Exploits 1 · References 7
OpenVAS
added 2012/07/30 12:0 a.m. · 24 views

CentOS Update for ghostscript CESA-2012:0095 centos5

Check for the Version of ghostscript. OpenVAS Vulnerability Test: CentOS Update for ghostscript CESA-2012:0095 centos5. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

CVSS 9.3 · AI score 6.4 · EPSS 0.06755
Exploits 1 · References 2
0day.today
added 2008/07/31 12:0 a.m. · 58 views

Coppermine Photo Gallery <= 1.4.18 LFI / Remote Code Execution Exploit

Exploit for unknown platform in category web applications. Coppermine Photo Gallery authenticate; ... 301. // Process language selection if present in URI or in user profile or try 302. // autodetection if default charset is...

AI score 7.1
Exploits 0