76 matches found
CVE-2023-50917
MajorDoMo aka Major Domestic Module before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager...
EUVD-2009-3520
Malware in sbrugna...
CVE-2024-33465
Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the thumb/thumb.php component...
CVE-2024-33465
MajorDoMo contains a Cross Site Scripting vulnerability in the thumb/thumb.php component, exploitable to escalate privileges. Affected versions are prior to 0662e5e. Mitigation paths documented include updating to 0662e5e or later, or temporarily restricting access to the thumb/thumb.php componen...
PT-2024-25273 · Majordomo · Majordomo
Name of the Vulnerable Software and Affected Versions: MajorDoMo versions prior to 0662e5e Description: The issue allows an attacker to escalate privileges via the thumb/thumb.php component. This is a Cross Site Scripting vulnerability. Recommendations: For versions prior to 0662e5e, update to...
CVE-2024-33465
Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the thumb/thumb.php component...
MajorDoMo Remote Code Execution
Introduction MajorDoMo, a beacon in Russian home automation and particularly favored by Raspberry Pi aficionados, has been a trusted name for over a decade. With over 380 stars on its official GitHub repository at the time of writing https://github.com/sergejey/majordomo, its popularity is eviden...
MajorDoMo Remote Code Execution Vulnerability
Introduction MajorDoMo, a beacon in Russian home automation and particularly favored by Raspberry Pi aficionados, has been a trusted name for over a decade. With over 380 stars on its official GitHub repository at the time of writing https://github.com/sergejey/majordomo, its popularity is eviden...
MajorDoMo Command Execution Vulnerability (CNVD-2024-0217529)
MajorDoMo is an open source DIY smart home automation platform from the MajorDoMo community. MajorDoMo suffers from a command execution vulnerability that stems from the file thumb.php failing to properly filter special characters, commands, and other elements used to construct commands. An attacker can exploit thi...
CVE-2023-50917
MajorDoMo aka Major Domestic Module before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager...
CVE-2023-50917
MajorDoMo aka Major Domestic Module before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager...
Command injection
MajorDoMo aka Major Domestic Module before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager...
MajorDoMo Security Vulnerability
MajorDoMo is an open source DIY smart home automation platform from the MajorDoMo community. MajorDoMo suffers from a command execution vulnerability that stems from the file thumb.php failing to properly filter special characters, commands, and other elements used to construct commands. An attacker can exploit thi...
CVE-2023-50917
MajorDoMo aka Major Domestic Module before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager...
CVE-2023-50917
CVE-2023-50917 affects MajorDoMo (Major Domestic Module) prior to commit 0662e5e, allowing unauthenticated command execution via thumb.php shell metacharacters. Exploitation leads to OS command execution and potential full system compromise; patching guidance in connected documents: update MajorD...
SUSE CVE-2010-1190
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as imgauth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations...
Mahara 20.04.x < 21.04.6, 21.10.x < 21.10.4, 22.04.x < 22.04.2 Information Disclosure Vulnerability
Mahara is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara"; if...
CVE-2022-33913
In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check...
Mahara Security Vulnerability
Mahara is a free open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions 21.04 through 21.04.6, 21.10 through 21.10.4, and 22.04.2, which stems from the fact that it is sometimes possible to download files via thumb.php without checking...
PT-2022-21906 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions 21.04 through 21.04.5 Mahara versions 21.10 through 21.10.3 Mahara version 22.04.2 Description: The issue allows files to be downloaded through thumb.php with no permission check. Recommendations: For Mahara versions 21.04...