Directory Traversal

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Directory Traversal via the WriteFile and ReadFile tools. An attacker can gain full control over the server, including executing arbitrary commands, by supplying crafted file paths that allow...

EUVD-2005-1093

Malware in sbrugna...

EUVD-2007-0471

Malware in sbrugna...

EUVD-2019-7778

Malware in sbrugna...

Important: sqlite

Issue Overview: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908 Affected Packages: sqlite Issue Correction: Run dn...

CVE-2024-53636

An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System SIS EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter...

BIT-SQLITE-2022-46908

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...

The vulnerability of the econf_writeFile() function in the libeconf configuration analysis and management library allows a attacker to cause a service failure or execute arbitrary code.

The vulnerability of the econfwriteFile function in the libeconf configuration analysis and management library is related to the issue of writing operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to cause service failures or execute arbitrary cod...

Path traversal

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...

CVE-2023-2273 Rapid7 Insight Agent Directory Traversal

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...

EulerOS 2.0 SP11 : sqlite (EulerOS-SA-2023-1578)

According to the versions of the sqlite package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions...

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2023-1588)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : sqlite (EulerOS-SA-2023-1588)

According to the versions of the sqlite package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions...

Updated sqlite3 packages fix security vulnerability

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908...

SUSE CVE-2007-2438

The sandbox for vim allows dangerous functions such as 1 writefile, 2 feedkeys, and 3 system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

SUSE CVE-2019-17371

gif2png 2.5.13 has a memory leak in the writefile function...

SUSE CVE-2022-46908

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...

Security Restrictions Bypass

sqlite is vulnerable to security restrictions bypass. When relying on --safe for execution of an untrusted CLI script, it does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...

OESA-2023-1219 sqlite security update

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications...

SQLite through 3.40.0 when relying on --safe for execution of an untrusted CLI script does not properly implement the azProhibitedFunctions protection mechanism and instead allows UDF functions such as WRITEFILE.

...