
49 matches found

OSV
added 2020/08/29 9:15 p.m., 2 views

UBUNTU-CVE-2020-24972

The Kleopatra component before 3.1.12 and before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL...

CVSS 8.8, AI score 6.2, EPSS 0.04719
Exploits 1, References 4
Tenable Nessus
added 2019/01/02 12:0 a.m., 39 views

SUSE SLED15 / SLES15 Security Update : rust (SUSE-SU-2018:3357-1)

This update for rust fixes the following issues: CVE-2018-1000622: rustdoc loads plugins from world-writable directory allowing for arbitrary code execution. This patch consists of requiring --plugin-path to be passed whenever --plugin is passed. Note that rustdoc plugins will be removed entirely ...

CVSS 7.8, AI score 7.4, EPSS 0.01819
Exploits 0, References 4
RedHat Linux
added 2018/11/13 3:25 p.m., 5 views

rust: rustdoc loads plugins from world writable directory allowing for arbitrary code execution

The Rust Programming Language rustdoc version between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appears to be exploitable via using the --plugin flag without the...

CVSS 7.8, AI score 6.1, EPSS 0.01819
Exploits 0, References 5
PyPA
added 2018/07/13 10:29 p.m., 7 views

PYSEC-2018-43

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code...

CVSS 7.8, AI score 7.1, EPSS 0.00587
Exploits 0, References 15, Affected Software 1
NVD
added 2018/07/13 10:29 p.m., 19 views

CVE-2018-10875

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code...

CVSS 7.8, AI score 7.8, EPSS 0.00587
Exploits 0, References 14
OSV
added 2018/07/13 10:29 p.m., 2 views

ALPINE-CVE-2018-10875

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code...

CVSS 7.8, AI score 7.1, EPSS 0.00587
Exploits 0, References 1
NVD
added 2018/07/09 8:29 p.m., 14 views

CVE-2018-1000622

The Rust Programming Language rustdoc version between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appears to be exploitable via using the --plugin flag without the...

CVSS 7.8, AI score 7.9, EPSS 0.01819
Exploits 0, References 5
Positive Technologies
added 2018/06/29 12:0 a.m., 4 views

PT-2018-2340

Name of the Vulnerable Software and Affected Versions: ansible (affected versions not specified). Description: A flaw in ansible allows an attacker to execute arbitrary code by altering the ansible.cfg file in the current working directory to point to a plugin or module path under their control. This...

CVSS 8.5, AI score 7.9, EPSS 0.00587
Exploits 0, References 200
seebug.org
added 2014/02/18 12:0 a.m., 18 views

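Serendipity cross-site scripting and SQL injection vulnerabilities

BUGTRAQ ID: 65449 Serendipity is a PHP-based blog system developed by the Serendipity team. It supports creating online diaries, blogs, web pages, and more. Serendipity contains cross-site scripting and SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to steal cookie-based authentication credentials, take control of the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Serendipity version 1.7.5 is vulnerable; other versions may also be affected. 0 Serendipity 1.7.5 Vendor patch: Serendipity ----- The vendor has released an upgrade patch to fix this security issue; the patch is available at: http://www.s9y.org/...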

AI score 6.9
Exploits 0