Lucene search

16 matches found

SUSE CVE
added 2024/03/20 3:50 a.m. | views: 1

SUSE CVE-2023-41334

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.to_dot_graph function. A malicious user can provide a...

CVSS 8.4 | AI score 8.2 | EPSS 0.02875
Exploits: 1 | References: 3
OSV
added 2024/03/18 8:26 p.m. | views: 0

GHSA-H2X6-5JX5-46HF RCE in TranformGraph().to_dot_graph function

Summary: RCE due to improper input validation in TranformGraph.to_dot_graph function. Details: Due to improper input validation a malicious user can provide a command or a script file as a value to savelayout argument, which will be placed as the first value in a list of arguments passed to...

CVSS 8.4 | AI score 6.1 | EPSS 0.02875
Exploits: 1 | References: 5
OSV
added 2024/03/18 7:15 p.m. | views: 1

DEBIAN-CVE-2023-41334

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.to_dot_graph function. A malicious user can provide a...

CVSS 8.4 | AI score 8.5 | EPSS 0.02875
Exploits: 1 | References: 1
OSV
added 2024/03/18 7:15 p.m. | views: 1

UBUNTU-CVE-2023-41334

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.to_dot_graph function. A malicious user can provide a...

CVSS 8.4 | AI score 7.8 | EPSS 0.02875
Exploits: 1 | References: 4
Positive Technologies
added 2024/03/18 12:00 a.m. | views: 1

PT-2024-12939

Name of the Vulnerable Software and Affected Versions: Astropy version 5.3.2. Description: The issue is related to remote code execution due to improper input validation in the TranformGraph.to_dot_graph function. A malicious user can provide a command or a script file as a value to the savelayout...

CVSS 8.4 | AI score 8.9 | EPSS 0.02875
Exploits: 1 | References: 25
CNVD
added 2016/11/09 12:00 a.m. | views: 2

Piwik PHP Object Injection Vulnerability

Piwik (formerly known as phpMyVisites) is an open source website access statistics system based on PHP5 and MySQL. A security vulnerability exists in the 'saveLayout' function in the /plugins/Dashboard/Controller.php script in Piwik 2.16.0 and earlier versions. A remote attacker can exploit this...

AI score 8
Exploits: 0 | References: 1
seebug.org
added 2016/11/08 12:00 a.m. | views: 20

Piwik <= 2.16.0 (saveLayout) PHP object injection vulnerability

The vulnerability can be triggered through the saveLayout method defined in /plugins/Dashboard/Controller.php: 210. public function saveLayout() 211. { 212. $this->checkTokenInUrl(); 213. 214. $layout = Common::unsanitizeInputValue(Common::getRequestVar('layout')); 215. $layout = strip_tags($layout); 216...

AI score 7.5
Exploits: 0
Exploit DB
added 2016/11/07 12:00 a.m. | views: 84

Piwik 2.16.0 - 'layout' PHP Object Injection

Piwik checkTokenInUrl(); 213. 214. $layout = Common::unsanitizeInputValue(Common::getRequestVar('layout')); 215. $layout = strip_tags($layout); 216. $idDashboard = Common::getRequestVar('idDashboard', 1, 'int'); 217. $name =...

AI score 7.4
Exploits: 0
Zero Day Initiative
added 2012/04/19 12:00 a.m. | views: 125

Oracle WebCenter Forms Recognition Sssplt30.ocx ActiveX Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebCenter Forms Recognition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 1
Prion
added 2007/07/25 5:30 p.m. | views: 13

Path traversal

Absolute path traversal vulnerability in the Data Dynamics ActiveReport (ActiveReports) ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveLayout method...

CVSS 5 | AI score 7.3 | EPSS 0.09056
Exploits: 1 | References: 6 | Affected Software: 1
Prion
added 2007/07/25 5:30 p.m. | views: 12

Path traversal

Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite arbitrary files via a full pathname in an argument to t...

CVSS 5 | AI score 7.1 | EPSS 0.0322
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2007/07/25 5:00 p.m. | views: 45

CVE-2007-3983

CVE-2007-3983 describes an absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control contained in arpro2.dll, part of ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC). The flaw allows a remote attacker to create or overwri...

CVSS 5 | AI score 6.6 | EPSS 0.0322
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2007/07/25 5:00 p.m. | views: 40

CVE-2007-3982

The CVE-2007-3982 entry concerns the Data Dynamics ActiveReport (ActiveReports) ActiveX control (actrpt2.dll) version 2.5 and earlier. The vulnerability is an absolute path traversal in which a full pathname passed as the first argument to the SaveLayout method can be used to create or overwrite ...

CVSS 5 | AI score 6.8 | EPSS 0.09056
Exploits: 1 | References: 6 | Affected Software: 1
Cvelist
added 2007/07/25 5:00 p.m. | views: 16

CVE-2007-3982

Absolute path traversal vulnerability in the Data Dynamics ActiveReport (ActiveReports) ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveLayout method...

AI score 6.8 | EPSS 0.09056
Exploits: 1 | References: 6
Cvelist
added 2007/07/25 5:00 p.m. | views: 14

CVE-2007-3983

Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite arbitrary files via a full pathname in an argument to t...

AI score 6.6 | EPSS 0.0322
Exploits: 0 | References: 2
Exploit DB
added 2007/07/21 12:00 a.m. | views: 85

Data Dynamics ActiveReport - ActiveX 'actrpt2.dll 2.5' Insecure Method

Data Dynamics ActiveReport ActiveX Control actrpt2.dll url: http://www.datadynamics.com/default.aspx author: shinnai mail: shinnaiatautisticidotorg site: http://shinnai.altervista.org This was written...

AI score 7.4
Exploits: 0