2131 matches found
CVE-2023-43115
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be...
PT-2023-20521 · Blamer · Blamer
Name of the Vulnerable Software and Affected Versions: blamer versions prior to 1.0.4 Description: The issue is related to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path, nor does it properly pass command-line fla...
IBM Security Directory Server Path Traversal Vulnerability
IBM Security Directory Server is a suite of enterprise identity management software from International Business Machines (IBM) that uses the Lightweight Directory Access Protocol (LDAP). The software provides a trusted identity data infrastructure for authentication. A directory traversal vulnerabili...
CVE-2023-4615
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of prope...
CVE-2023-4616 thumbnail Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validati...
CVE-2023-4613
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...
PT-2023-29872 · Lg · Lg Led Assistant
Name of the Vulnerable Software and Affected Versions: LG LED Assistant affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the...
LG LED Assistant Path Traversal Vulnerability
LG LED Assistant is software from Luckin LG Korea. It is used to set up LED lights. A security vulnerability exists in LG LED Assistant, which arises from a failure to properly validate a user-supplied path before using it in a file operation, allowing a remote attacker to execute code in the...
LG LED Assistant Path Traversal Vulnerability
LG LED Assistant is software from Luckin LG Korea. It is used to set up LED lights. A security vulnerability exists in LG LED Assistant that originates from a failure to properly validate a user-supplied path before using it in a file operation, allowing remote attackers to disclose information...
Path Traversal
PF4J is vulnerable to Path Traversal. The vulnerability exists in the extract function in Unzip.java due to a lack of path validation which allows an attacker to obtain sensitive information and execute arbitrary code via the expandIfZip parameter...
Path Traversal
PF4J is vulnerable to Path Traversal. The vulnerability exists in the extract function in Unzip.java due to a lack of path validation which allows an attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter...
Path Traversal
PF4J is vulnerable to Path Traversal. The vulnerability exists in the extract function in Unzip.java due to a lack of path validation which allows an attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter...
PYSEC-2023-165
GitPython is a Python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory. In some places the name of the file being read is provided by the user, and GitPython doesn't check if this file is located outside the .git...
PT-2023-27495 · Lg · Lg Supersign Media Editor
Name of the Vulnerable Software and Affected Versions: LG SuperSign Media Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this...
PT-2023-27479 · Lg · Lg Simple Editor
Name of the Vulnerable Software and Affected Versions: LG Simple Editor affected versions not specified Description: This issue allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this issue. The specific flaw...
(0Day) LG Simple Editor copyStickerContent Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyStickerContent command. The issue results from th...
PT-2023-27492 · Lg · Lg Simple Editor
Name of the Vulnerable Software and Affected Versions: LG Simple Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this issue, the...
(0Day) LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteFolder method. The issue results from the lack of proper validation of a...
PT-2023-27851 · Lg · Lg Supersign Media Editor
Name of the Vulnerable Software and Affected Versions: LG SuperSign Media Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this...
PT-2023-27487 · Lg · Lg Simple Editor
Name of the Vulnerable Software and Affected Versions: LG Simple Editor affected versions not specified Description: This issue allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this issue. The specific flaw...