8 matches found
EUVD-2021-28042
Malicious code in bioql PyPI...
EUVD-2021-28039
Malicious code in bioql PyPI...
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...
CVE-2021-40884
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...
Directory traversal
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...
Information disclosure
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...
CVE-2021-40884
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...