3 matches found
CVE-2022-4023 3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad
The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...
Nextcloud: Leak arbitrary file under nextcloud android client privacy directory
Steps to reproduce: 1.install and login nextcloud android client 2.create a directory and set it 'shareable' 3.install the poc app "setresultcontactphotocrop" key code: EvilActivity public class EvilActivity extends AppCompatActivity final static String PRIVATEURI =...
Ubuntu 18.04 LTS : phpMyAdmin vulnerabilities (USN-4639-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4639-1 advisory. It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use thi...