12 matches found
CVE-2026-5271 Possible to hijack modules in current working directory
pymanager included the current working directory in sys.path, meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command (e.g., pip, pytest) from an attacker-controlled directory, a malicious module in that directory c...
EUVD-2010-2485
Malware in sbrugna...
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
Impact: An information leakage vulnerability is present in cdo-local-uuid at version 0.4.0, and in case-utils in unpatched versions matching the pattern 0.x.0 at and since 0.5.0, before 0.15.0. The vulnerability stems from a Python function,...
WordPress Plugin SiteOrigin Widgets Bundle Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2023-22855
Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method Path.Combine from .NET without proper sanitisation. This yields the possibility of including local files, as...
Directory traversal
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including, 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths...
Cisco ASA Local Path Inclusion Vulnerability (cisco-sa-20141008-asa)
A vulnerability in the function that exports environment variables of Cisco ASA Software could allow an authenticated, local attacker to inject a malicious library and take complete control of the system. Copyright (C) 2015 Greenbone Networks GmbH. Some text descriptions might be excerpted from a...
Cisco ASA Local Path Inclusion Vulnerability
A vulnerability in the function that exports environment variables of Cisco ASA Software could allow an authenticated, local attacker to inject a malicious library and take complete control of the system. The vulnerability is due to improper setting of the LD_LIBRARY_PATH environment. An attacker...
iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion
No description provided by source...
Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities
Document Title: Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1166; Release Date: 2013-12-10; Vulnerability Laboratory ID VL-ID:...
KomaMail Local Path Inclusion
Exploit for php platform in category web applications. Exploit Title: KomaMail Local Path Inclusion; Date: 26/11/2011; Author: SnakingMax; WebSite: snakingmax.blogspot.com; Software Link: http://www.koma-code.de/ProgsZip/KomaMail.zip; Version: 3.82; Category: Local Exploit; Tested on: Windows XP SP3 0-Da...
Mambo Component User Home Pages 0.5 - Remote File Inclusion
Mambo Component User Home Pages 0.5 - Remote File Inclusion; Kurdish Security Freedom For Ocalan; Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com; Risk : High; Class : Remote; Script : User Home Pages; Site : www.ravensportal.co.uk; Thanx :...