10 matches found
Directory Traversal
Overview: Umbraco.Forms is a form creator that's easy to use. Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter of the export endpoint. An attacker can access and read arbitrary files on the filesystem by submitting specially crafted requests...
PT-2024-6387 · Zyxel · Zyxel Nas326 +1
Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions through V5.21AAZF.18C0; Zyxel NAS542 versions through V5.21ABAG.15C0 Description: A command injection vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 firmware could allow an unauthenticated attacker to...
PT-2024-6514 · Totolink · Totolink Ac1200 T8
Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 T8 version 4.1.5cu.862 B20230228 Description: The issue is related to the exportOvpn function in the TOTOLINK AC1200 T8 router's firmware, which is vulnerable to buffer overflow due to the lack of input size validation. This c...
PT-2024-18192 · WordPress · Mollie Forms
Name of the Vulnerable Software and Affected Versions: Mollie Forms plugin for WordPress versions up to, and including, 2.6.3 Description: The issue is related to unauthorized access of data due to a missing capability check on the exportRegistrations function. This allows authenticated attackers...
SUSE CVE-2023-37259
matrix-react-sdk is a React-based SDK for inserting a Matrix chat/VoIP client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored cross-site scripting (XSS). Since the Export Chat feature...
PT-2023-25900 · Kofax · Kofax Power Pdf
Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a maliciou...
PT-2021-8098 · Htmldoc +3 · Htmldoc +3
Name of the Vulnerable Software and Affected Versions: htmldoc version 1.9.12 Description: A flaw in htmldoc may result in a write-what-where condition, allowing an attacker to execute arbitrary code and cause denial of service. The issue is related to a double-free in the pspdf export function,...
PT-2020-5835 · Phpmyadmin +1 · Phpmyadmin +1
Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 5.0.2 and earlier Description: The issue is related to a lack of neutralization of elements in a CSV file in the "Export" function of the phpMyAdmin web application for database management. This could allow a remote attack...
SUSE-SU-2016:2871-1 Security update for libtcnative-1-0
This update for libtcnative-1-0 fixes the following issues: - Upgrade to libtcnative-1.1.34 bugfix release (bsc1004455). See https://tomcat.apache.org/native-1.1-doc/miscellaneous/changelog.html Unconditionally disable export ciphers. Improve ephemeral key handling for DH and ECDH. Parameter strengt...
SUSE-SU-2016:0620-1 Security update for openssl
This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800, aka the 'DROWN' attack (bsc968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...