Monthly Archives: October 2023
GLSA 202310-20: rxvt-unicode: Arbitrary Code Execution
GLSA 202310-17: UnZip: Multiple Vulnerabilities
GLSA 202310-18: Rack: Multiple Vulnerabilities
CVE-2007-10003
A vulnerability classified as critical has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. The issue affects unspecified processing in the file ajax_blurb.php of the HTTP POST Request Handler component. Manipulation of the argument user leads to SQL injection. The attack may be initiated remotely. Upgrading to version 0.9.7b addresses this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-243803.
CVE-2005-10002
A vulnerability classified as critical was found in the almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. Manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 addresses this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-243804.
CVE-2021-33637
When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.
CVE-2021-33636
When the isula load command is used to load malicious images, attackers can execute arbitrary code.
CVE-2021-33635
When malicious images are pulled by isula pull, attackers can execute arbitrary code.
CVE-2021-33634
When iSulad uses the lcr+lxc runtime (the default) to run malicious images, this can cause a denial of service (DoS).