13 matches found
EUVD-2021-0569
Malware in sbrugna...
EUVD-2025-16693
Malicious code in bioql PyPI...
CVE-2025-55013
The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client taskhandler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...
WordPress plugin RSFirewall 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
CVE-2022-25834
In Percona XtraBackup PXB through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands...
UBUNTU-CVE-2022-25834
In Percona XtraBackup PXB through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands...
CVE-2021-21289
Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which...
CVE-2021-21289
Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method. Exploitation is possible only if untrusted input is used as a local...
Microsoft Internet Explorer Local Filename Information Disclosure Vulnerability
Internet Explorer is a web browser from Microsoft. Microsoft Internet Explorer has different feedback in the file:// URL for existing and non-existing files, and if used in conjunction with an HTML5 sandbox iframe, a local attacker could exploit this vulnerability to obtain local file existence...
CVE-2008-2665
Directory traversal vulnerability in the posixaccess function in PHP 5.2.6 and earlier allows remote attackers to bypass safemode restrictions via a .. dot dot in an http URL, which results in the URL being canonicalized to a local filename after the safemode check has successfully run...
Mozilla, Firefox, Thunderbird: Various vulnerabilities
Background Mozilla is a popular web browser that includes a mail and newsreader. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. Description Maurycy Prodeus from isec.pl found a potentially exploitable buffer overflow ...
Microsoft Internet Explorer 5 - INPUT TYPEFILE Remote File Upload
Microsoft Internet Explorer 5 - INPUT TYPEFILE Remote File Upload font size="3" color="white...