21 matches found
EUVD-2022-43372
Malicious code in bioql PyPI...
CVE-2022-40050
ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1...
ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution
A flaw was found in Artifex Ghostscript's psi/zfile.c component. This vulnerability allows arbitrary code execution via out-of-bounds data access...
ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution
A flaw was found in Artifex Ghostscript's psi/zfile.c component. This vulnerability allows arbitrary code execution via out-of-bounds data access...
ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution
A flaw was found in Artifex Ghostscript's psi/zfile.c component. This vulnerability allows arbitrary code execution via out-of-bounds data access...
CVE-2025-1818
A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. This issue affects some unknown processing of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.upload. The manipulation of the argument file leads to unrestricted upload. The attack may be...
The vulnerability of the psi/zfile.c component in the software suite for processing, transforming, and generating Ghostscript documents allows a perpetrator to execute arbitrary code.
The vulnerability of the psi/zfile.c component of the software for processing, transforming, and generating Ghostscript documents is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
ALPINE-CVE-2024-46956
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution...
SUSE CVE-2024-46956
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution...
PT-2024-28980 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: The issue allows an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional...
ZFile arbitrary file upload vulnerability
ZFile is a Java-based online web development program open-sourced by zfile-dev. ZFile v4.1.1 contains an arbitrary file upload vulnerability that stems from a lack of validation of uploaded files in its component /file/upload/1. An attacker could exploit this vulnerability to upload malicious fil...
CVE-2022-40050
ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1...
CVE-2022-40050
ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1...
Privilege escalation
ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1...
CVE-2022-40050
CVE-2022-40050: ZFile v4.1.1 contains an arbitrary file upload vulnerability in the /file/upload/1 endpoint due to lack of validation. Documented impact includes potential remote code execution by uploading malicious files; explicit exploit details are not provided in all sources, but CNVD/CNNVD ...
CVE-2022-40050
ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1...
CVE-2022-40050
ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1...
PT-2022-25178 · Zfile · Zfile
Name of the Vulnerable Software and Affected Versions: ZFile version 4.1.1 Description: The issue is related to an arbitrary file upload vulnerability. It can be exploited via the /file/upload/1 API endpoint. Recommendations: For ZFile version 4.1.1, consider restricting access to the...
ZFile 代码问题漏洞
ZFile is a Java-based online web development program open-sourced by zfile-dev. ZFile v4.1.1 contains an arbitrary file upload vulnerability that stems from a lack of validation of uploaded files in its component /file/upload/1. An attacker could exploit this vulnerability to upload malicious fil...
The vulnerability of the zfile.c library of the PostScript/PDF Ghostscript interpreter, related to information disclosure, allows attackers to determine the presence and size of arbitrary files.
The vulnerability of the zfile.c library of the PostScript/PDF Ghostscript interpreter is related to the state command, even when the dSAFER sandbox is used. Exploiting this vulnerability allows a remote attacker to determine the presence and size of arbitrary files...