13 matches found
perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()
A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...
SUSE SLED15 / SLES15 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2442-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2442-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370. Tenable has extracted the preceding description...
SUSE SLES12 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2408-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2408-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370. Tenable has extracted the preceding description block directly from the SUSE...
Linux Distros Unpatched Vulnerability : CVE-2026-8450
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form...
CVE-2022-31577
The longmaoteamtf/audioalignerapp repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
EUVD-2022-52979
Malicious code in bioql PyPI...
CVE-2022-31557
The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31553
The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31562
The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31550
The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31539
The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31519
The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-24900 Absolute Path Traversal due to incorrect use of `send_file` call in Piano LED Visualizer
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...