Lucene search
+L

69 matches found

CNVD
CNVD
added 2021/06/17 12:0 a.m.14 views

Facebook WhatsApp for Android path traversal vulnerability

Facebook WhatsApp is a mobile application from Facebook, Inc. that uses the Internet to send text messages. A security vulnerability exists in WhatsApp for Android and WhatsApp Business for Android, which stems from a lack of file name validation when unpacking files, and could be exploited to...

9.1CVSS3.5AI score0.01134EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/12/02 12:0 a.m.31 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : libmspack Multiple Vulnerabilities (NS-SA-2019-0217)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libmspack packages installed that are affected by multiple vulnerabilities: - An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity...

8.8CVSS6.8AI score0.03806EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2018/06/07 12:0 a.m.5 views

PT-2018-16150 · Unknown · Crud-File-Server

Name of the Vulnerable Software and Affected Versions: crud-file-server versions prior to 0.8.0 Description: The issue is related to a lack of validation of file names, leading to a Cross-Site Scripting vulnerability. This is due to insufficient sanitization of filenames when the directory index ...

6.1CVSS5.9AI score0.01046EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2018/05/14 8:15 p.m.10 views

solr: Directory traversal via Index Replication HTTP API

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

7.5CVSS5.7AI score0.06559EPSS
Exploits0References4
Prion
Prion
added 2014/11/19 6:59 p.m.14 views

Design/Logic Flaw

Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors...

5CVSS7.2AI score0.01173EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2013/09/11 12:0 a.m.7 views

PT-2013-5211 · Hewlett Packard · Hp Procurve Manager +2

Name of the Vulnerable Software and Affected Versions: HP ProCurve Manager versions 3.20 through 4.0 HP PCM+ versions 3.20 through 4.0 Identity Driven Manager version 4.0 Description: The issue concerns the UpdateCertificatesServlet in the SNAC registration server, which fails to properly validat...

10CVSS7.6AI score0.51903EPSS
Exploits10References9
myhack58
myhack58
added 2012/10/23 12:0 a.m.21 views

Baidu Ueditor Open Source Editor for the Java version of jsp file upload vulnerability-vulnerability warning-the black bar safety net

The system default file upload process jsp filter is not strict cause can upload a jsp file,the jsp, you know how system privileges can execute arbitrary commands ! The problem is in the imageUp. jsp here use java regular expression to validate the uploaded file file name Re-set the file name whe...

1.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/09/14 12:0 a.m.54 views

Debian DSA-1371-1 : phpwiki - several vulnerabilities

Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2024 It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file...

10CVSS5.4AI score0.03529EPSS
Exploits0References9
CVE
CVE
added 2006/08/17 11:0 p.m.58 views

CVE-2004-2661

Soft3304 04WebServer before 1.41 fails to properly validate requested file names, allowing remote attackers to obtain CGI source code. The issue is network-exploitable and leads to partial information disclosure (CGI source). No exploitation details or official fixes are provided in the supplied ...

5CVSS6.6AI score0.01175EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder