共收录 5 条相关安全情报。
← 返回所有主题Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi.
💡 风险点: 原文内容(由于配额限制,未进行深度 LLM 分析)
🎯 建议动作: 建议根据原文自行评估
Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi.
💡 影响/原因: 原文内容(由于配额限制,未进行深度 LLM 分析)
🎯 建议动作: 建议根据原文自行评估
### Impact A potential path traversal vulnerability allow an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary files. While the consequences could be severe like overriding configuration files and setting the superadmin password, the attack first requires that the attacker already has admin access to at least a subwiki to be able to install a malicio
💡 风险点: 原文内容(由于配额限制,未进行深度 LLM 分析)
🎯 建议动作: 建议根据原文自行评估
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .on
💡 影响/原因: 原文内容(由于配额限制,未进行深度 LLM 分析)
🎯 建议动作: 建议根据原文自行评估
### Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. ### Details The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious `.one` file that includes file names containing `../../`, that are then interpreted as part of the target path whe
💡 风险点: 原文内容(由于配额限制,未进行深度 LLM 分析)
🎯 建议动作: 建议根据原文自行评估