Lucene search

16 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-54869

Malicious code in bioql PyPI...

CVSS: 3.1, AI score: 6.5, EPSS: 0.00114
Exploits: 0, References: 1

RedHat Linux
added 2023/11/14 3:53 p.m., 66 views

Moderate: Red Hat Security Advisory: python38:3.8 and python38-devel:3.8 security update

An update for the python38:3.8 and python38-devel:3.8 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS: 9.8, AI score: 7, EPSS: 0.27095
Exploits: 4, References: 11

AlmaLinux
added 2023/11/07 12:0 a.m., 44 views

Moderate: python-pip security update

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...

CVSS: 9.8, AI score: 7.2, EPSS: 0.27095
Exploits: 3, References: 4

Vulnrichment
added 2023/10/10 10:21 a.m., 4 views

CVE-2023-42796

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11, CP-8050 MASTER MODULE All versions CPCI85 V05.11. The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote...

CVSS: 7.5, AI score: 8.7, EPSS: 0.00727
Exploits: 0, References: 1

CNNVD
added 2023/07/13 12:0 a.m., 2 views

Issabel PBX security vulnerability

Issabel PBX is a software application. A free and open source software that allows you to build communication tools for your organization. A security vulnerability exists in Issabel PBX version v.4.0.0-6, which stems from a vulnerability that allows any remote attacker to view application-sensiti...

CVSS: 7.5, AI score: 7.8, EPSS: 0.03009
Exploits: 1, References: 2

AlpineLinux
added 2023/06/08 8:19 p.m., 98 views

CVE-2023-29402

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

CVSS: 9.8, AI score: 9.7, EPSS: 0.01708
Exploits: 0

BDU FSTEC
added 2021/06/15 12:0 a.m., 4 views

The vulnerability of the RabbitMQ message broker installer for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the RabbitMQ message broker installer for Windows operating systems is related to deficiencies in access control for directories of connected modules. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00611
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2020/01/23 3:15 p.m., 18 views

CVE-2013-6358

PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory...

CVSS: 9, AI score: 8.7, EPSS: 0.03719
Exploits: 1, References: 1

Prion
added 2020/01/23 3:15 p.m., 11 views

Directory traversal

PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory...

CVSS: 9, AI score: 7.8, EPSS: 0.03719
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2020/01/23 2:23 p.m., 21 views

CVE-2013-6358

PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory...

AI score: 8.7, EPSS: 0.03719
Exploits: 1, References: 1

CVE
added 2020/01/23 2:23 p.m., 54 views

CVE-2013-6358

PrestaShop 1.5.5 is affected: remote authenticated attackers can execute arbitrary code by uploading a crafted profile and then accessing it under the module/ directory. Root cause is improper handling of uploaded profiles allowing code execution. Impact is high (remote code execution) per CVE re...

CVSS: 9, AI score: 8.6, EPSS: 0.03719
Exploits: 1, References: 1, Affected Software: 1

BDU FSTEC
added 2019/12/17 12:0 a.m., 4 views

The vulnerability of the command-line tools for package managers NPM and Yarn allows a hacker to write arbitrary files.

The vulnerability of the command-line tools for package managers NPM and Yarn exists due to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files by creating symbolic links to files outside the module...

CVSS: 7.7, AI score: 7.3, EPSS: 0.03342
Exploits: 0, References: 6, Affected Software: 5

Tenable Nessus
added 2017/07/20 12:0 a.m., 30 views

SUSE SLED12 / SLES12 Security Update : systemd, dracut (SUSE-SU-2017:1898-1)

This update for systemd and dracut fixes the following issues: Security issues fixed : - CVE-2017-9445: Possible out-of-bounds write triggered by a specially crafted TCP payload from a DNS server. bsc1045290 Non-security issues fixed in systemd : - Automounter issue in combination with NFS volume...

CVSS: 7.5, AI score: 7.6, EPSS: 0.55116
Exploits: 1, References: 12

Tenable Nessus
added 2017/04/06 12:0 a.m., 51 views

openSUSE Security Update : samba (openSUSE-2017-437)

"This update for samba fixes the following issues : Security issues fixed : - CVE-2017-2619: Symlink race permits opening files outside share directory bsc1027147. Bugfixes : - Force usage of ncurses6-config thru NCURSESCONFIG env var bsc1023847. - Add missing ldb module directory bsc1012092. -...

CVSS: 7.5, AI score: 7.2, EPSS: 0.11181
Exploits: 3, References: 8

OSV
added 2007/11/02 4:46 p.m., 3 views

CVE-2007-4829

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences...

AI score: 6.5
Exploits: 0, References: 18

Prion
added 2007/10/01 5:17 a.m., 11 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS 2.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the MODULEDIR parameter to (1) core/modules/my/my.module.php or (2) core/modules/xml/xml.module.php; the COREROOT parameter to (3) config.loader.php, (4)...

CVSS: 6.8, AI score: 8.2, EPSS: 0.01128
Exploits: 0, References: 1, Affected Software: 1