4529 matches found
CVE-2017-16635
In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the TWG Explorer item listing. The request method to...
Arbitrary Code Execution
dolibarr is vulnerable to arbitrary code execution attacks. Low-privilege users were able to upload .exe files to the application, these files would be executed in the context of the application...
CVE-2017-9840
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application...
Type confusion
In Joomla! 3.2.0 through 3.6.5 fixed in 3.7.0, inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden...
[20170407] - Core - ACL Violations
Inadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden...
Tmp files readable by other users
Overview Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher...
CVE-2017-2600
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes SECURITY-343...
Updated jenkins-remoting packages fix CVE-2016-0792
Updated jenkins-remoting packages fix security vulnerability: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. SECURITY-247 ...
MGASA-2016-0162 Updated jenkins-remoting packages fix CVE-2016-0792
Updated jenkins-remoting packages fix security vulnerability: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. SECURITY-247 ...