UBUNTU-CVE-2021-28658
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...
Phraseanet 4.0.7 - Cross-Site Scripting
Phraseanet 4.0.7 - Cross-Site Scripting Exploit title: Stored XSS vulnerability in Phraseanet DAM Open Source software Date: 10/10/2018 Exploit Author: Krzysztof Szulski Vendor Homepage: https://www.phraseanet.com Software Link also VM: https://www.phraseanet.com/en/download/ Version affected:...
PT-2018-9755 · Vaultize · Vaultize Enterprise File Sharing
Name of the Vulnerable Software and Affected Versions: Vaultize Enterprise File Sharing version 17.05.31 Description: An issue was discovered that allows for Stored XSS on the file or folder download pop-up. This occurs via a crafted file or folder name. Recommendations: For Vaultize Enterprise...
ruby: Command injection vulnerability in Net::FTP
It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with...
Vulnerability of the PHP interpreter and the Mac OS X operating system, allowing attackers to execute arbitrary code
The vulnerability of the Phar extension in PHP interpreters and the Mac OS X operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file name...
GraphicsMagick and ImageMagick Code Execution Vulnerabilities
GraphicsMagick is a set of simple image processing tools that provide resizing, rotation, highlighting and other functions for images. ImageMagick is a set of open-source image processing software from ImageMagick Studio, Inc. (USA); the software can read, convert and write a variety of...
Pitivi Arbitrary Command Execution Vulnerability
Pitivi is a suite of open source video editing software written in Python and based on GStreamer and GTK+. The software provides a timeline in order to achieve complete control over the video. A security vulnerability exists in Pitivi versions prior to 0.95, which stems from an error in the...
Multiple McAfee Products OS Command Injection Vulnerabilities
McAfee ESM is a security management product that performs real-time baseline activity calculations on all information collected and provides prioritized alerts before potential threats occur; McAfee ESMLM is a log collection, storage, and management product. McAfee ESMREC is an event receiver...
setroubleshoot: command injection via crafted file name
It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command...
CVE-2012-3382
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properl...
FTPGetter FTP Client Directory Traversal Vulnerability
This host is installed with FTPGetter FTP Client and is prone to a directory traversal vulnerability. OpenVAS Vulnerability Test $Id: secpodftpgetterftpclientdirtraversalvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ FTPGetter FTP Client Directory Traversal Vulnerability Authors: Antu Sanadi Copyrigh...
Directory traversal in the libc fts functions (directory traversal)
By constructing special file names, it is possible to escape the directory tree...