15 matches found
CVE-2023-54338
CVE-2023-54338 affects Tftpd32 SE 4.60. The unquoted service path in the Tftpd32_svc service allows local attackers to execute arbitrary code with elevated privileges. Red Hat notes the same issue; PT-2026-2428 provides remediation guidance: update to a newer version or apply a workaround by quot...
EUVD-2017-1597
Malware in sbrugna...
EUVD-2023-0150
Malicious code in bioql PyPI...
EUVD-2024-44829
Malicious code in bioql PyPI...
EUVD-2022-28553
Malicious code in bioql PyPI...
CVE-2023-50731
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...
CVE-2024-36421
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration unauthenticated,...
PT-2024-34147 · Scoold · Scoold
Name of the Vulnerable Software and Affected Versions: Scoold versions prior to 1.64.0. Description: A semicolon path injection vulnerability was found on the "/api;/config" endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorized access to sensitive...
SUSE: Security Advisory (SUSE-SU-2019:14202-1)
The remote host is missing an update for the...
CVE-2017-1000472
The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...
CVE-2017-1000472
The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...
CVE-2017-1000472
The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...
CVE-2017-1000472
The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...
CVE-2017-1000472
POCO C++ Libraries prior to 1.8 contain a ZIP path-validation flaw in ZipCommon::isValidPath() that can allow absolute path traversal during ZIP decompression, potentially enabling creation or overwriting of arbitrary files via a crafted ZIP file. Reports across multiple distributions (Debian, Fe...
CVE-2011-2202
CVE-2011-2202 details (from provided sources): In PHP before 5.3.7, rfc1867_post_handler in main/rfc1867.c does not properly restrict filenames in multipart/form-data POST requests, enabling remote attackers to perform absolute path traversal via a crafted upload and possibly create or overwrite ...