41 matches found
EUVD-2020-14293
Malware in sbrugna...
CVE-2020-21525
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...
CVE-2024-37794
Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file...
CVE-2024-37794
CVE-2024-37794 affects CVC5 Solver v1.1.3. The vulnerability stems from improper input validation in SMT2 input handling, allowing a DoS via a crafted input file. Exploitation details are not provided here, but multiple connected sources confirm the DoS impact. Remediation is to update to a newer...
CVE-2024-37794
Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file...
CVE-2024-37794
Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file...
CVC5 Solver Security Vulnerability
cvc5 is an open source tool. It is used to determine the satisfiability of first-order formulas modulo first-order theories or combinations of these theories. A security vulnerability exists in CVC5 Solver version v1.1.3 that stems from improper input validation and allows an attacker ...
answer Access Control Error Vulnerability (CNVD-2023-72246)
answer is an open source knowledge-based community software. An Access Control Error vulnerability exists in versions prior to answer v1.1.3 that stems from a lack of authentication for critical functions. An attacker can exploit the vulnerability to change roles, including administrator...
Answer Missing Authentication for Critical Function
Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3...
CVE-2023-4815 Missing Authentication for Critical Function in answerdev/answer
Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3...
CVE-2023-27193
An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the keyadnewuseravoidtime field...
GHSA-M9VJ-44F3-78XW Path traversal in CureKit
CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal...
Path traversal in CureKit
CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal...
CVE-2020-21524
There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function of importing other blogs in the background/api/admin/migrations/wordpress needs to parse the XML file, but no security defenses are applied. This vulnerability can be used to probe the intranet, read files, enable DDoS attacks...
CVE-2020-21525
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...
CVE-2020-21527
There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal...
CVE-2020-21526
An arbitrary file writing vulnerability exists in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...
CVE-2020-21522
An issue was discovered in halo V1.1.3. A Zip Slip directory traversal vulnerability in the backend allows the attacker to overwrite some files, such as ftl files and .bashrc files in the user directory, and finally get the permissions of the operating system...
Directory traversal
An issue was discovered in halo V1.1.3. A Zip Slip directory traversal vulnerability in the backend allows the attacker to overwrite some files, such as ftl files and .bashrc files in the user directory, and finally get the permissions of the operating system...
XXE
There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function of importing other blogs in the background/api/admin/migrations/wordpress needs to parse the XML file, but no security defenses are applied. This vulnerability can be used to probe the intranet, read files, enable DDoS attacks...