40 matches found
chainerrl-visualizer path traversal vulnerability
chainerrl-visualizer is Chainer's open source way to visually analyze the behavior of ChainerRL agents to make debugging easier. chainerrl-visualizer suffers from a path traversal vulnerability that stems from a failure of the Flask send_file function to properly filter the resource or file path f...
GHSA-687H-86VC-5X59 ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
WordPress Visualizer plugin <= 3.7.9 - Authenticated PHAR Deserialization vulnerability
Authenticated PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress Visualizer plugin versions <= 3.7.9. Solution: Update the WordPress Visualizer plugin to the latest available version (at least 3.7.10)...
Visualizer < 3.7.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=visualizer-edit-chart&library=yes&chart=6190&tab=visualizer&a"alert/XSS/...
CVE-2020-2236
Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission...
Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder
Aaia (pronounced as shown here) helps in visualizing AWS IAM and Organizations in a graph format with the help of Neo4j. This helps in identifying the outliers easily. Since it is based on Neo4j, one can query the graph using Cypher queries to find the anomalies. Aaia also supports modules to...
WordPress Visualizer Plugin < 3.3.1 Multiple Vulnerabilities
The WordPress plugin...
kibana: Arbitrary code execution flaw in the Timelion visualizer
An arbitrary code execution flaw was found in the Timelion visualizer in Kibana versions before 5.6.15 and 6.6.1. This flaw allows an attacker with access to the Timelion application to send a request that attempts to execute JavaScript code. This could lead to an attacker executing arbitrary...
WordPress Visualizer plugin <= 3.3.0 - Server-Side Request Forgery (SSRF)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks. Solution: Update the plugin to the latest version...
Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)
By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify metadata of an existing chart, and inject an XSS payload to be stored and later executed when an admin goes to edit the chart. PoC: curl -i -s -k -X $'POST' \ -H...
Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)
By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify metadata of an existing chart, and inject an XSS payload to be stored and later executed when an admin goes to edit the chart. curl -i -s -k -X $'POST' \ -H...
Memoro - A Detailed Heap Profiler
Memoro is a highly detailed heap profiler. Memoro not only shows you where and when your program makes heap allocations, but will show you how your program actually used that memory. Memoro collects detailed information on accesses to the heap, including reads and writes to memory and when they...
Orbit - Cryptocurrency Wallets Relationship Visualizer
Give it a blockchain-based crypto wallet address and it will crawl 3 levels deep in transaction data to plot a graph out of the information. Usage: Run orbit.py with python3 as follows: python3 orbit.py Enter the wallet address. Enter a wallet address: xxxxxxxxxxxxxxx Now orbit...
Detailed Heap Profiler: Memoro
Memoro is a highly detailed heap profiler. Memoro not only shows you where and when your program makes heap allocations, but will show you how your program actually used that memory. Memoro collects detailed information on accesses to the heap, including reads and writes to memory and when they...
CVE-2017-0396
An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission...
CVE-2016-6695
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted visualizer data length, aka Qualcomm internal bug CR 1033540...
[SECURITY] Fedora 24 Update: pgpdump-0.31-1.fc24
pgpdump is a PGP packet visualizer which displays the packet format of OpenPGP (RFC 4880) and PGP version 2 (RFC 1991)...
Design/Logic Flaw
NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/enUS/domains/adddomain.jsp, which allows remote attackers to gain administrator privileges via a direct request...
CVE-2008-6701
NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/enUS/domains/adddomain.jsp, which allows remote attackers to gain administrator privileges via a direct request...