8 matches found
CVE-2024-24765
CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...
CVE-2024-24765
CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...
CVE-2024-24765 CasaOS-UserService allows unauthorized access to any file
CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...
CasaOS-UserService allows unauthorized access to any file
Summary: http://demo.casaos.io/v1/users/image?path=/var/lib/casaos/1/avatar.png was originally meant to get the URL of the user's avatar, but the path filtering was not strict, making it possible to get any file on the system. Details: Construct paths to get any file. Such as the CasaOS user database,...
Tencent Classroom Has Janus Android Signature Vulnerability
Tencent Classroom is a professional online education platform launched by Tencent. Tencent Classroom has a Janus Android signature vulnerability, which can be exploited by an attacker to obtain system root privileges...
WeChat Phonebook suffers from Janus Android signature vulnerability
WeChat Phonebook is an intelligent communication enhancement software created by Tencent. WeChat Phonebook suffers from a Janus Android signature vulnerability. Attackers can use the vulnerability to obtain system root privileges...
Binary Vulnerability in Cisco RV130W
Cisco is a leading global provider of networking solutions. A binary vulnerability exists in Cisco RV130W, which could allow an authenticated attacker to gain system root privileges by constructing a ROP chain...
CVE-1999-1517
runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar...