CVE-2021-46824
https://notcve.org/view.php?id=CVE-2021-46824
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php. Una vulnerabilidad de tipo cross Site Scripting (XSS) en sourcecodester School File Management System versión 1.0, por medio del parámetro Lastname del formulario Update Account en el archivostudent_profile.php • https://packetstormsecurity.com/files/161394/School-File-Management-System-1.0-Cross-Site-Scripting.html https://www.exploit-db.com/exploits/49559 https://www.sourcecodester.com/php/14155/school-file-management-system.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-29055
https://notcve.org/view.php?id=CVE-2021-29055
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en sourcecodester School File Management System versión 1.0, por medio del parámetro Firtstname del formulario Update Account en el archivo student_profile.php • https://packetstormsecurity.com/files/161394/School-File-Management-System-1.0-Cross-Site-Scripting.html https://www.sourcecodester.com/php/14155/school-file-management-system.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-41413
https://notcve.org/view.php?id=CVE-2021-41413
ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB. ok-file-formats master versión 12-9-2021, está afectado por un desbordamiento del búfer en las funciones ok_jpg_convert_data_unit_grayscale y ok_jpg_convert_YCbCr_to_RGB • https://github.com/brackeen/ok-file-formats https://github.com/brackeen/ok-file-formats/issues/20 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-40668
https://notcve.org/view.php?id=CVE-2021-40668
The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. La aplicación Android HTTP File Server (Versión 1.4.1) de "slowscript" está afectada por una vulnerabilidad de salto de ruta que permite el listado arbitrario de directorios, la lectura y escritura de archivos • https://eddiez.me/path-traversal-in-slowscript-httpfileserver https://play.google.com/store/apps/details?id=slowscript.httpfileserver • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-1788 – Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF
https://notcve.org/view.php?id=CVE-2022-1788
Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this. Debido a una falta de comprobaciones, el plugin Change Uploaded File Permissions de WordPress versiones hasta 4.0.0, es vulnerable a ataques de tipo CSRF. Esto puede ser usado para cambiar los permisos de archivos y carpetas de cualquier carpeta. • https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462 • CWE-352: Cross-Site Request Forgery (CSRF) •