37 matches found
PT-2023-30464 · Yonyou · Yongyou Ufida-Nc
Name of the Vulnerable Software and Affected Versions: Yongyou UFIDA-NC versions up to 20230807 Description: A critical issue has been found in the processing of the file PrintTemplateFileServlet.java, where the manipulation of the filePath argument leads to path traversal. This issue can be...
PT-2023-26740 · FFmpeg · Ffmpeg
Name of the Vulnerable Software and Affected Versions: FFmpeg versions 0.7.0 and below Description: A code injection issue was discovered in the net.bramp.ffmpeg.FFmpeg. component. This issue is exploited by passing an unchecked argument. However, it's noted that there are no realistic use cases...
PT-2023-25572
Name of the Vulnerable Software and Affected Versions Boss Mini version 1.4.0 Build 6221 Description A critical issue affects an unknown part of the file boss/servlet/document, where the manipulation of the path argument leads to file inclusion. This can be initiated remotely. Recommendations For...
CVE-2023-26265
The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borgpreprocesspage in the file template.php does not properly sanitize incoming path arguments before using them...
UBUNTU-CVE-2022-23218
The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or if an application is not...
GHSA-3269-X4PW-VFFG OS Command Injection in diskusage-ng
diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument...
OS Command Injection in diskusage-ng
diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument...
ARK library 输入验证错误漏洞
Bandisoft ARK library is a library from Bandisoft Korea that decompresses most of the existing compression formats such as ZIP, RAR, ALZ, EGG, etc. in various OS environments such as Windows, macOS, Linux, etc. and creates compressed files in ZIP/7Z format. A security vulnerability exists in the...
CVE-2011-2195
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system...
CVE-2020-7631
diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument...
CVE-2020-7631
diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument...
DEBIAN-CVE-2016-10730
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...
CVE-2014-4043
The posixspawnfileactionsaddopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities...
Mozilla Firefox 2.0.0.2 Document.Cookie Path Argument Denial of Service Vulnerability
No description provided by source...
Mozilla Firefox 2.0.0.2 - Document.Cookie Path Argument Denial of Service
source: https://www.securityfocus.com/bid/22879/info Mozilla Firefox is prone to a remote denial-of-service vulnerability. An attacker may exploit this vulnerability to cause Mozilla Firefox to crash, resulting in denial-of-service conditions. Little is known regarding this vulnerability; this BI...
CVE-2006-5006
Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long directory path argument...
DEBIAN-CVE-2003-0165
Format string vulnerability in Eye Of Gnome EOG allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display...