15 matches found

Github Security Blog
added 2026/04/10 3:35 p.m. | views: 1

Vikunja has File Size Limit Bypass via Vikunja Import

Summary The Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By setting Size to 0 in the JSON while including large compressed file entries ...

CVSS: 7.1 | AI score: 5.7 | EPSS: 0.00047
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2026/04/10 3:35 p.m. | views: 3

GHSA-QH78-RVG3-CV54 Vikunja has File Size Limit Bypass via Vikunja Import

Summary The Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By setting Size to 0 in the JSON while including large compressed file entries ...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00047
Exploits: 1 | References: 5
Positive Technologies
added 2026/04/10 12:0 a.m. | views: 0

PT-2026-31953

Summary The Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By setting Size to 0 in the JSON while including large compressed file entries ...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00047
Exploits: 1 | References: 6
CVE
added 2024/09/07 8:37 a.m. | views: 46

CVE-2024-8538

CVE-2024-8538 affects the WordPress plugin Big File Uploads – Increase Maximum File Upload Size (versions

CVSS: 4.3 | AI score: 4.6 | EPSS: 0.00375
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2024/02/20 12:0 a.m. | views: 2

Liferay Portal and Liferay DXP Security Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00688
Exploits: 0 | References: 2
Kitploit
added 2022/02/05 11:30 a.m. | views: 39

SMBSR - Lookup For Interesting Stuff In SMB Shares

Well, SMBSR is a python script which given a CIDR/IP/IPfile/HOSTNAMEs enumerates all the SMB services listening 445 among the targets and tries to authenticate against them; if the authentication succeed then all the folders and subfolders are visited recursively in order to find secrets in files...

AI score: 7.7
Exploits: 0 | References: 2
OSV
added 2021/02/10 7:4 p.m. | views: 4

OPENSUSE-SU-2021:0272-1 Security update for rclone

This update for rclone fixes the following issues: rclone was updated to version 1.53.3: Bug Fixes - Fix incorrect use of math/rand instead of crypto/rand CVE-2020-28924 boo1179005 Nick Craig-Wood - Check https://github.com/rclone/passwordcheck for a tool check for weak passwords generated by...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00352
Exploits: 1 | References: 3
OSV
added 2020/11/24 11:29 a.m. | views: 8

OPENSUSE-SU-2020:2008-1 Security update for rclone

This update for rclone fixes the following issues: rclone was updated to version 1.53.3: Bug Fixes - Fix incorrect use of math/rand instead of crypto/rand CVE-2020-28924 boo1179005 Nick Craig-Wood - Check https://github.com/rclone/passwordcheck for a tool check for weak passwords generated by...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00352
Exploits: 1 | References: 3
Cvelist
added 2019/04/23 1:53 p.m. | views: 10

CVE-2018-20819

io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads...

AI score: 8.2 | EPSS: 0.00219
Exploits: 1 | References: 1
OSV
added 2016/03/12 9:59 p.m. | views: 0

UBUNTU-CVE-2016-0830

btifconfig.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bu...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00245
Exploits: 0 | References: 3
RedHat Linux
added 2015/03/17 2:39 p.m. | views: 3

kernel: splice: lack of generic write checks

A flaw was found in the way the Linux kernel's splice system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00381
Exploits: 2 | References: 4
RedHat Linux
added 2015/03/11 3:27 p.m. | views: 1

kernel: splice: lack of generic write checks

A flaw was found in the way the Linux kernel's splice system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00381
Exploits: 2 | References: 4
RedHat Linux
added 2015/03/11 3:27 p.m. | views: 73

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.02449
Exploits: 4 | References: 5
RedHat Linux
added 2015/01/28 7:2 p.m. | views: 1

kernel: splice: lack of generic write checks

A flaw was found in the way the Linux kernel's splice system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00381
Exploits: 2 | References: 4
securityvulns
added 2002/08/08 12:0 a.m. | views: 36

Unauthorized disk blocks access in FreeBSD ffs

Bug in maximum file size calculation allows to access disk blocks behind the file because of integer overflow...

AI score: 3.7
Exploits: 0 | References: 1 | Affected Software: 1