Unrestricted file upload

Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in File feature allows attackers to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run web servers as root...

MGASA-2024-0009 Updated x11-server and tigervnc packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in...

Directory traversal

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...

CVE-2024-21642

D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...

CMSMS 2.2.19 Arbitrary File Upload Vulnerability

The parameter "fileupload" in type ID is vulnerable to File Upload and RCE attacks, it is not sanitized correctly. The attacker can upload a virus directly on the server by using this web vulnerability, and then he can execute it, this can be the end of this server depending on the scenario! In...

CVE-2023-50731 MindsDB has arbitrary file write in file.py

MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...

CVE-2023-48308

CVE-2023-48308 affects the Nextcloud Calendar app. The authenticated user can trigger an error while editing a calendar appointment that exposes the server’s stacktrace and internal paths. Affected software: Nextcloud Calendar prior to version 4.5.3. Root cause: error handling leaks internal debu...

DLA-3686-2 xorg-server - security update

Bulletin has no description...

CVE-2023-6722 Relative Path Traversal in Repox

A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...

Backup Migration < 1.3.8 - Unauthenticated RCE

Description The plugin is vulnerable to Remote Code Execution via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated...

httpd: Apache Tomcat Connectors (mod_jk) Information Disclosure

A vulnerability was found in Apache Tomcat Connectors modjk. Affected versions of this package are vulnerable to information exposure in the modjk component. This flaw allows an attacker to exploit the implicit mapping functionality, resulting in the unintended exposure of the status worker and...

Design/Logic Flaw

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...

CVE-2023-49282 Test code in published microsoft-graph package exposes phpinfo()

msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The...

eap-galleon: custom provisioning creates unsecured http-invoker

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...

CVE-2023-49108

Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 excluding Ver.6.1.1.3a. If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges...

Quick Quiz 2.4 File Upload - Remote Code Execution Vulnerability

Title: Quick-Quiz-2.4 File Upload - RCE Author: nu11secur1ty Vendor: https://mediacity.co.in/mediacity/ Software: https://codecanyon.net/item/quick-quiz-laravel-quiz-and-exam-system/21117633?srank=14 Reference: https://portswigger.net/web-security/file-upload,...

PHPMemcachedAdmin Path Traversal vulnerability

A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input...

CVE-2023-49321

Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 a...

CVE-2023-49322

Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 a...

CVE-2023-49321

Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 a...