CVE-2022-44748

CVE-2022-44748 - KNIME Server Zip-Slip directory traversal . A vulnerability in KNIME Server’s ZIP archive extraction routines allows an authenticated user (with upload rights) to overwrite arbitrary files on the server’s filesystem. The root cause is directory traversal during workflow upload, e...

Some Workspace Environment Management security settings are not getting applied

Some WEM-related security settings such as hiding the Run menu or blocking access to system drives are not being applied, and the Agent log throws errors such as these: Exception - VuemEnvironmentalSettingsController.ExecuteEntityPolicySettings : Attempted to perform an unauthorized operation...

The vulnerability of the NameSurfer IP address management server allows a malicious actor to inject malicious code that interacts with the web server.

The vulnerability of the Nixu NameSurfer software lies in errors in the program’s code. Exploiting this vulnerability allows a malicious individual to inject malicious code into the web page displayed by the web system. This malicious code will be executed on the user’s computer when the user ope...

Очередные ошибки в CGI

No description provided...

Перепобнения буфера и другие ошибки в Valicert (buffer overflow)

Многочисленные ошибки...

Ошибки в Cisco 600 (TCP/IP stack problems)

Различные ошибки реализации стека TCP/IP...

Class-Name Injection

Tested on 1.8.0-beta-5 In safe mode with html markup disabled, it is possible to insert any classname into a code block like this: \js any-class-name with spaces code \ renders as: code infostring needs some cleanup here:...