17 matches found
NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...
NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...
NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...
CVE-2025-34430 1Panel CSRF Panel Name Modification
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery CSRF vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...
CVE-2025-34430 1Panel CSRF Panel Name Modification
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery CSRF vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...
EUVD-2011-1096
Malware in sbrugna...
EUVD-2020-15547
Malware in sbrugna...
EUVD-2024-35857
Malicious code in bioql PyPI...
EUVD-2024-48951
Malicious code in bioql PyPI...
CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be...
CVE-2024-56671
In the Linux kernel, the following vulnerability has been resolved: gpio: graniterapids: Fix vGPIO driver crash Move setting irqchip.name from probe function to the initialization of "irqchip" struct in order to fix vGPIO driver crash during bootup. Crash was caused by unauthorized modification o...
CVE-2024-9705 Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update
The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsmupdatetemplatenamelite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with...
Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...
Flowring Technology Agentflow BPM 授权问题漏洞
Flowring Technology Agentflow BPM is an enterprise process management system from Flowring Technology. Flowring Technology Agentflow BPM suffers from an authorization vulnerability that arises from improper authentication of its enterprise management system, which could allow a remote attacker wi...
CVE-2020-22790
Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs...
Website Star CMS has multiple vulnerabilities
Ltd. is a first-class Internet application service provider based on cloud computing. There is an arbitrary file name modification, arbitrary file reading vulnerability in the background of CMS. Attackers can use this vulnerability to arbitrarily delete or read website file information, and can n...
CVE-2000-1023
The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program...