25 matches found
GHSA-XP63-6VF5-XF3V Command injection in codecov (npm package)
Impact The upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE was issued: CVE-2020-7597, but the fix was incomplete. It only blocked &, and...
Directory traversal
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. dot dot in the filename parameter to the 1 log, 2 upload, or 3 linuxpkgs method...
SupeSite 7.5 background upload webshell-vulnerability warning-the black bar safety net
Get the webshell method without any technical content. the. There are many online similar. But, this see online also not, their just at once get a webshell in the process of discovery, so it sends to, Of course, related many examples. For example, the following two. Example 1: the Wordpress...
cfme: CFME 2.0 multiple zip file upload path traversal vulnerabilities
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. dot dot in the filename parameter to the 1 log, 2 upload, or 3 linuxpkgs method...
RealPage Module Upload ActiveX Control Multiple Vulnerabilities
The RealPage Module Upload ActiveX control, used with RealPage's OneSite Property Management Systems software and installed on the remote Windows host, reportedly is affected by several vulnerabilities : - The 'Upload' method in combination with the 'SourceFile' and 'DestURL' properties can be...