19 matches found
EUVD-2006-3357
Malware in sbrugna...
EUVD-2023-55709
Malicious code in bioql PyPI...
CVE-2023-50982
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...
CVE-2023-50982
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...
CVE-2023-50982
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...
Remote code execution
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...
CVE-2023-50982
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...
CVE-2023-50982
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...
CVE-2023-50982
CVE-2023-50982 affects Stud.IP 5.x–5.3.3. An XSS vulnerability arises from not validating file extensions in Admin_SmileysController upload_action/edit_action, potentially allowing remote code execution with www-data privileges. Fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9. Remediation: upgr...
Stud.IP <= 1.3.0-2 Multiple Remote File Include Vulnerabilities
No description provided by source. /------------------------------------------------ IHS Public advisory -------------------------------------------------/ Stud.IP Remote File Inclusion Stud.IP is a learning and an information management system for universities, educational facilities and...
CVE-2006-3361
PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) _PHPLIB[libdir] parameter in studip-phplib/oohforms.inc and (2) ABSOLUTE_PATH_STUDIP parameter in studip-htdocs/archiv_assi.php...
CVE-2006-3361
PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) _PHPLIB[libdir] parameter in studip-phplib/oohforms.inc and (2) ABSOLUTE_PATH_STUDIP parameter in studip-htdocs/archiv_assi.php...
CVE-2006-3361
The CVE-2006-3361 entry describes a PHP remote file inclusion in Stud.IP 1.3.0-2 and earlier when register_globals is enabled. It allows an attacker to execute arbitrary PHP code via (1) _PHPLIB[libdir] in studip-phplib/oohforms.inc and (2) ABSOLUTE_PATH_STUDIP in studip-htdocs/archiv_assi.php. V...
[UNIX] Stud.IP File Inclusion
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
StudIP1302.txt
/------------------------------------------------ IHS Public advisory -------------------------------------------------/ Stud.IP Remote File Inclusion Stud.IP is a learning and an information management system for universities, educational facilities and enterprises. http://www.studip.de...
Stud.IP <= 1.3.0-2 Multiple Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications =============================================================== Stud.IP <= 1.3.0-2 Multiple Remote File Include Vulnerabilities =============================================================== /-----------------------------------------------...
Stud.IP 1.3.0-2 - Multiple Remote File Inclusions
/------------------------------------------------ IHS Public advisory -------------------------------------------------/ Stud.IP Remote File Inclusion Stud.IP is a learning and an information management system for universities, educational facilities and enterprises. http://www.studip.de...
Stud.IP 1.3.0-2 - Multiple Remote File Inclusions
Stud.IP 1.3.0-2 - Multiple Remote File Inclusions /------------------------------------------------ IHS Public advisory -------------------------------------------------/ Stud.IP Remote File Inclusion Stud.IP is a learning and an information management system for universities, educational...
Stud.IP <= 1.3.0-2 Multiple Remote File Include Vulnerabilities
No description provided by source. /------------------------------------------------ IHS Public advisory -------------------------------------------------/ Stud.IP Remote File Inclusion Stud.IP is a learning and an information management system for universities, educational facilities and...