Cccccccti

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture Storage Service. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Name of the Vulnerable Software and Affected Versions HummerRisk versions up to 1.5.0 Description A server-side request forgery exists in the Video File Download URL Handler component. Manipulation of the `streamIp` argument in the `ServerService.addServer()` function within the `ServerService.java` file allows a remote attacker to perform this action. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.