42 matches found
CVE-2026-41530
The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...
PT-2026-39936
The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...
CVE-2026-30579
File Thingie 2.5.7 is vulnerable to Cross Site Scripting XSS. A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload...
CVE-2026-30579
File Thingie 2.5.7 is vulnerable to Cross Site Scripting XSS. A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload...
CVE-2026-30579
File Thingie 2.5.7 is vulnerable to Cross Site Scripting XSS. A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000717)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000717 advisory. The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service prevention of file creation by...
CVE-2025-64711 PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...
CVE-2022-41232
A cross-site request forgery CSRF vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 138, which stems from a specially crafted file name that may hide file extensions...
Amazon Linux 2023 : xz, xz-devel, xz-libs (ALAS2023-2023-042)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-042 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's...
SUSE CVE-2012-0427
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted 1 file name or 2 directory name...
SUSE CVE-2012-5375
The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service prevention of file creation by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with ...
SUSE CVE-2015-8856
Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...
CVE-2022-41232
A cross-site request forgery CSRF vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...
Django 路径遍历漏洞
Django is the Django Foundation's set of Python-based language open source Web application framework . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2 before 2.2.26, 3.2.11 before 3.2.2, and 4.0.1 before 4.0.0 contains a path traversal...
[ASA-202107-35] dino: directory traversal
Arch Linux Security Advisory ASA-202107-35 ========================================== Severity: Medium Date : 2021-07-20 CVE-ID : CVE-2021-33896 Package : dino Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-2043 Summary ======= The package dino before version...
Rockwell Automation FactoryTalk View SE Input Validation Error Vulnerability
Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation. An input validation error vulnerability exists in Rockwell Automation FactoryTalk View SE, which originates when the program does not properly validate the input of a file name in t...
Arbitrary File Overwrite
php is vulnerable to arbitrary file overwrite. The vulnerability exists as an off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially-crafted file name it could cause a PHP script to attempt to write a file to the root / directory. By default, PHP runs as the "apache"...
Phraseanet < 4.0.7 - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit title: Stored XSS vulnerability in Phraseanet DAM Open Source software Exploit Author: Krzysztof Szulski Vendor Homepage: https://www.phraseanet.com Software Link also VM: https://www.phraseanet.com/en/download/ Version affected:...
[ASA-201806-8] gnupg: content spoofing
Arch Linux Security Advisory ASA-201806-8 ========================================= Severity: High Date : 2018-06-11 CVE-ID : CVE-2018-12020 Package : gnupg Type : content spoofing Remote : Yes Link : https://security.archlinux.org/AVG-713 Summary ======= The package gnupg before version 2.2.8-1 ...