15 matches found
CVE-2026-45731
WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...
CVE-2026-45731
WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...
EUVD-2026-33306
WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...
CVE-2026-45731 WWBN AVideo: Authenticated Arbitrary File Read in view/update.php
WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...
CVE-2026-45731 WWBN AVideo: Authenticated Arbitrary File Read in view/update.php
WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...
CVE-2026-45731
WWBN AVideo vulnerability CVE-2026-45731 affects view/update.php in versions 29.0 and earlier. The code reads $_POST['updateFile'] as a relative path under updatedb/ and feeds it to PHP’s file() for line-by-line execution during a database migration, enabling an authenticated administrator to rea...
WWBN AVideo 安全漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the view/update.php script, which read $POSTupdateFile as a relative path under the...
GHSA-3MJV-375J-6H92 AVideo: Authenticated Arbitrary File Read in view/update.php
Summary view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary text files reachable from the web-server process — especially...
Command Injection
Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via the versions function, which executes a locate command to find a PostgreSQL installation on Linux. An attacker who can write files to the target...
UBUNTU-CVE-2023-32190
mlocate's %post script allows RUNUPDATEDBAS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...
security flaw
slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service updatedb exit and incomplete slocate database via a certain crafted directory structure...
security flaw
slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service updatedb exit and incomplete slocate database via a certain crafted directory structure...
Low: Red Hat Security Advisory: slocate security update
An updated slocate package that fixes a denial of service and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Slocate is a security-enhanced version of locate. Like locate, slocate searches through a central database...
slocate file search utility DoS
updatedb fails to handle long directory paths...
CVE-1999-1095
The CVE-1999-1095 entry concerns the sort utility. It describes that sort creates temporary files and follows symbolic links, enabling a local user to modify arbitrary files writable by the user running sort. This impact is observed in updatedb and other programs that invoke sort. The documents d...