4786 matches found
CVE-2024-51747
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments that are viewable or downloadable in Kanboard are resolved through their path entry in the project_has_files SQLite db...
DEBIAN-CVE-2024-51748
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting application_language in the...
CVE-2024-51747
Kanboard (Kanban project management software) contains a vulnerability where an authenticated admin can abuse the path field in the project_has_files SQLite DB to upload a modified sqlite.db, enabling path traversal to reference arbitrary files. When a project page is accessed after the modified ...
CVE-2024-51747 Arbitrary File Read and Delete in kanboard
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments that are viewable or downloadable in Kanboard are resolved through their path entry in the project_has_files SQLite db...
CVE-2024-51748 Remote code execution through language setting in kanboard
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting application_language in the...
CVE-2024-51748
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting application_language in the...
CVE-2024-51748
CVE-2024-51748: Kanboard prior to 1.2.42 contains a path traversal/authenticated admin vulnerability that lets an attacker place a payload PHP file (translations.php) and, via a crafted sqlite.db, load the file path to achieve remote code execution. This requires the attacker to host/upload the ...
K000148486: SQLite vulnerabilities CVE-2020-15358, CVE-2020-13632, CVE-2020-13435, and CVE-2020-13434
Security Advisory Description: CVE-2020-15358: In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0...
K000148484: SQLite vulnerabilities CVE-2019-19645, CVE-2016-6153, and CVE-2015-6607
Security Advisory Description: CVE-2019-19645: alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. CVE-2016-6153: os_unix.c in SQLite before 3.13.0 improperly implements the temporary...
PT-2024-8970 · Kanboard +1
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.42 Description: The issue is related to incorrect restriction of a directory path with limited access in Kanboard project management software. This can allow a remote attacker to read and delete arbitrary files...
PT-2024-8971 · Kanboard +1
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.42 Description: The issue concerns the Kanboard project management software, which focuses on the Kanban methodology. An authenticated Kanboard admin can execute arbitrary PHP code on the server due to a path...
CVE-2023-29119 Unauthorized SQLite Injection
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php...
CVE-2023-29118 Unauthorized SQLite Injection in Enel X Juicebox
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php...
Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine
Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the...
From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
Posted by the Big Sleep team. Introduction: In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-a...