CVE-2022-40721
https://notcve.org/view.php?id=CVE-2022-40721
Arbitrary file upload vulnerability in php uploader.
References:
http://www.openwall.com/lists/oss-security/2022/10/03/3
http://www.vapidlabs.com/advisory.php?v=216
https://github.com/CreativeDream/php-uploader/issues/23
CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2022-36313 – file-type: a malformed MKV file could cause the file type detector to get caught in an infinite loop
https://notcve.org/view.php?id=CVE-2022-36313
An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack.
References:
https://github.com/sindresorhus/file-type/releases/tag/v16.5.4
https://github.com/sindresorhus/file-type/releases/tag/v17.1.3
https://security.netapp.com/advisory/ntap-20220909-0005
https://www.npmjs.com/package/file-type
https://access.redhat.com/security/cve/CVE-2022-36313
https://bugzilla.redhat.com/show_bug.cgi?id=2159682
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-31527
https://notcve.org/view.php?id=CVE-2022-31527
The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
References:
https://github.com/github/securitylab/issues/669#issuecomment-1117265726
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-46824
https://notcve.org/view.php?id=CVE-2021-46824
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.
References:
https://packetstormsecurity.com/files/161394/School-File-Management-System-1.0-Cross-Site-Scripting.html
https://www.exploit-db.com/exploits/49559
https://www.sourcecodester.com/php/14155/school-file-management-system.html
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29055
https://notcve.org/view.php?id=CVE-2021-29055
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php.
References:
https://packetstormsecurity.com/files/161394/School-File-Management-System-1.0-Cross-Site-Scripting.html
https://www.sourcecodester.com/php/14155/school-file-management-system.html
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')