2131 matches found

CNNVD
added 2023/05/31 12:0 a.m. · 4 views

ASUSTOR Data Master Security Vulnerability

ASUSTOR Data Master is a proprietary operating system for ASUSTOR NAS devices from ASUS, China, with a tablet-like graphical interface and a near-zero learning curve, making it easy to get started. A security vulnerability exists in ASUSTOR Data Master ADM versions 4.0 through 4.2, which stems from a...

CVSS 8.6 · AI score 7.4 · EPSS 0.00462
Exploits: 0 · References: 2

Positive Technologies
added 2023/05/31 12:0 a.m. · 9 views

PT-2023-23648 · Vipre · Vipre Antivirus Plus

Name of the Vulnerable Software and Affected Versions: VIPRE Antivirus Plus (affected versions not specified)
Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target syste...

CVSS 7.8 · AI score 7.5 · EPSS 0.0071
Exploits: 0 · References: 6

NVD
added 2023/05/27 4:15 a.m. · 25 views

CVE-2023-33188

Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated,...

CVSS 6.3 · AI score 6.1 · EPSS 0.00333
Exploits: 0 · References: 1

Prion
added 2023/05/27 4:15 a.m. · 12 views

Design/Logic Flaw

Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated,...

CVSS 1.9 · AI score 5.3 · EPSS 0.00333
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/05/27 3:47 a.m. · 13 views

CVE-2023-33188 Uncontrolled data used in content resolution

Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated,...

CVSS 6.3 · AI score 6.3 · EPSS 0.00333
Exploits: 0 · References: 1

Vulnrichment
added 2023/05/27 3:47 a.m. · 11 views

CVE-2023-33188 Uncontrolled data used in content resolution

Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated,...

CVSS 6.3 · AI score 6.7 · EPSS 0.00333
Exploits: 0 · References: 1

OSV
added 2023/05/27 3:47 a.m. · 32 views

CVE-2023-33188 Uncontrolled data used in content resolution

Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated,...

CVSS 6.3 · AI score 5.5 · EPSS 0.00333
Exploits: 0 · References: 3

Positive Technologies
added 2023/05/27 12:0 a.m. · 5 views

PT-2023-24205 · Unknown · Omni-Notes

Name of the Vulnerable Software and Affected Versions: Omni-notes versions prior to 6.2.7
Description: The Omni-notes Android app has an issue with insufficient path validation when displaying note details received through an externally-provided intent. This allows malicious applications on the...

CVSS 6.3 · AI score 5.2 · EPSS 0.00333
Exploits: 0 · References: 3

CNNVD
added 2023/05/27 12:0 a.m. · 5 views

Omni-Notes Security Vulnerability

Omni-Notes is an open source notes application for Android. A security vulnerability exists in versions prior to Omni-Notes 6.2.7 that stems from the path to a note attachment not being properly validated, allowing a malicious or compromised application on the same device to cause Omni-notes to...

CVSS 6.3 · AI score 5.7 · EPSS 0.00333
Exploits: 0 · References: 2

Oracle linux
added 2023/05/24 12:0 a.m. · 30 views

freerdp security update

2:2.2.0-10 - Fix 'implicit declaration of function' errors 2136153, 2145139 - 2:2.2.0-9 - CVE-2022-39282: Fix length checks in parallel driver 2136151 - CVE-2022-39283: Add missing length check in video channel 2136153 - CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx 2145139 -...

CVSS 7.5 · AI score 7 · EPSS 0.00985
Exploits: 0

Huntr
added 2023/05/18 3:34 a.m. · 16 views

File Path Traversal Vulnerability

Description in the file adminautoupdate.php php elseif $page == 'extract' if isset$POST'send' && $POST'send' == 'send' $toExtract = isset$POST'archive' ? $POST'archive' : null; $localArchive = Froxlor::getInstallDir . '/updates/' . $toExtract; $log-logActionFroxlorLogger::ADMACTION, LOGNOTICE,...

CVSS 5.8 · AI score 6.9 · EPSS 0.01216
Exploits: 1

Positive Technologies
added 2023/05/17 12:0 a.m. · 3 views

PT-2023-2875 · D Link · D-Link D-View

Name of the Vulnerable Software and Affected Versions: D-Link D-View (affected versions not specified)
Description: This issue allows remote attackers to create arbitrary files on affected installations of D-Link D-View, with authentication required to exploit it. The specific flaw exists within th...

CVSS 9 · AI score 7 · EPSS 0.74302
Exploits: 0 · References: 8

Positive Technologies
added 2023/05/17 12:0 a.m. · 4 views

PT-2023-2877 · D Link · D-Link D-View

Name of the Vulnerable Software and Affected Versions: D-Link D-View (affected versions not specified)
Description: This issue allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this issue. The specific fla...

CVSS 7.8 · AI score 6.5 · EPSS 0.8487
Exploits: 0 · References: 8

OSV
added 2023/05/15 1:15 p.m. · 2 views

CVE-2023-2180

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow an unauthenticated attacker to read/download arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server...

CVSS 7.5 · AI score 7.2 · EPSS 0.00866
Exploits: 2 · References: 1

Oracle linux
added 2023/05/15 12:0 a.m. · 49 views

freerdp security update

2:2.4.1-5 - Fix 'implicit declaration of function' errors 2136155, 2145140 - 2:2.4.1-4 - CVE-2022-39282: Fix length checks in parallel driver 2136152 - CVE-2022-39283: Add missing length check in video channel 2136154 - CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx 2145140 -...

CVSS 7.5 · AI score 7 · EPSS 0.00985
Exploits: 0

CNVD
added 2023/05/11 12:0 a.m. · 4 views

Ghost Directory Traversal Vulnerability

Ghost is an open source content management system. Ghost suffers from a directory traversal vulnerability that stems from a lack of validity checking of paths in frontend/web/middleware/static-theme.js when processing directory requests, which can be exploited by an attacker to read arbitrary...

CVSS 7.5 · AI score 6.9 · EPSS 0.39078
Exploits: 3 · References: 1

OSV
added 2023/04/10 3:15 p.m. · 3 views

CVE-2023-1381

The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code...

CVSS 8.8 · AI score 7.5
Exploits: 0 · References: 2

Positive Technologies
added 2023/04/10 12:0 a.m. · 5 views

PT-2023-16944 · WordPress · Wp Meta Seo

Name of the Vulnerable Software and Affected Versions: WP Meta SEO WordPress plugin versions prior to 4.5.5
Description: The issue arises from the plugin not validating image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Additionally,...

CVSS 8.8 · AI score 9.9 · EPSS 0.01689
Exploits: 2 · References: 7

OSV
added 2023/03/30 8:16 p.m. · 71 views

GHSA-7X45-PHMR-9WQP Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location

Summary: An unsafe extraction is being performed using shutil.unpack_archive from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip variant.
Details: Unpacking files using the...

CVSS 8.5 · AI score 8.7 · EPSS 0.00883
Exploits: 1 · References: 7

Positive Technologies
added 2023/03/30 12:0 a.m. · 3 views

PT-2023-12725 · Mindsdb · Mindsdb

Name of the Vulnerable Software and Affected Versions: MindsDB versions prior to 22.11.4.3
Description: MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpack_archive from a remotely retrieved tarball, which may lead to the writing of the...

CVSS 8.8 · AI score 8.4 · EPSS 0.00883
Exploits: 1 · References: 11