996 matches found
CVE-2022-47417
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name...
WEPA Print Away cross-site scripting vulnerability
WEPA Print Away is a cloud-based print management solution operated by the University of Wisconsin-Milwaukee. WEPA Print Away has a security vulnerability that stems from not properly sanitizing uploaded file names. An attacker can exploit the vulnerability to perform a cross-site scripting attac...
PT-2023-18607 · F5 · F5Os-A +1
Name of the Vulnerable Software and Affected Versions: F5OS-A versions 1.2.0 through 1.2.x F5OS-C versions 1.3.0 through 1.4.x Description: The issue allows for command injection when processing F5OS tenant file names. This may potentially lead to unauthorized access or control. No information is...
PT-2023-10019 · Unknown · Flash Tool
Name of the Vulnerable Software and Affected Versions: flash tool gem versions prior to 0.6.0 Description: The issue allows command execution via shell metacharacters in the name of a downloaded file. It is triggered during the handling of downloaded files that contain shell characters, enabling ...
Cross site scripting
Cross site scripting XSS vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names...
CVE-2022-45557
Cross site scripting XSS vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names...
CVE-2022-45557
Concrete details found: CVE-2022-45557 affects Hundredrabbits Left, version 7.1.5 on macOS, due to a cross-site scripting (XSS) in file names. Root cause is improper handling/sanitization of filenames leading to script execution. Impact aligns with XSS, enabling arbitrary code execution via craft...
Siemens Automation License Manager File Name or Path External Control Vulnerability
The Automation License Manager ALM centrally manages license keys for various Siemens software products. Software products that require a license key automatically report this requirement to ALM. When ALM finds a valid license key for the software, the software can be used according to the end-us...
GHSA-PFPR-3463-C6JH ruby-git has potential remote code execution vulnerability
The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output of the git ls-files command using eval to unescape quoted file names. If a file name added to the git repository contained special characters, such as \n, then the git ls-files command would print the file name in...
Potential remote code execution in ruby-git
The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output of the 'git ls-files' command using eval to unescape quoted file names. If a file name added to the git repository contained special characters, such as '\n', then the 'git ls-files' command would print the file nam...
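The two ruby-git entries above describe the mechanism but not how it fires. The block below is an added example (not ruby-git's own code) that reconstructs it: git prints a path in double quotes when it contains control or non-ASCII bytes, escaping backslash and quote and writing control bytes as \n, \t or \ooo, while characters such as #, {, } and ' are printed verbatim. Handing that quoted line to Ruby's eval parses it as a double-quoted string literal, and a double-quoted literal interpolates #{...}. The sample lines are constructed in the shape `git ls-files` prints them, so no git checkout is needed; the crafted name sets a global marker instead of running a command. The safe decoder that follows is this example's own, not ruby-git's fix.

```ruby
# Added example, not ruby-git's code.
# Constructed lines in the shape `git ls-files` prints them (no git needed).
# CRAFTED_LINE carries an escaped newline (which is why git quoted it) and a
# Ruby interpolation; the interpolation only sets a marker.
PLAIN_LINE   = 'README.md'
NEWLINE_LINE = '"line\nbreak.txt"'
UTF8_LINE    = '"caf\303\251.txt"'
CRAFTED_LINE = %q{"x\n#{$marker = 'pwned'; 'evaluated'}"}

# Vulnerable shape: a quoted name is handed to eval to strip the quoting.
# eval parses it as a Ruby double-quoted literal, so #{...} executes.
def unquote_with_eval(line)
  line.start_with?('"') ? eval(line) : line
end

# Safe shape: decode git's C-style escapes byte by byte; nothing is executed.
# Unknown escapes and short octal sequences are rejected rather than guessed.
def unquote_git_path(line)
  return line unless line.length >= 2 && line.start_with?('"') && line.end_with?('"')
  src = line[1...-1].bytes
  out = []
  i = 0
  while i < src.length
    b = src[i]
    if b != 0x5C # not a backslash: copy the byte unchanged
      out << b
      i += 1
      next
    end
    e = src[i + 1]
    raise ArgumentError, 'dangling backslash' if e.nil?
    case e.chr
    when 'n' then out << 0x0A
    when 't' then out << 0x09
    when 'r' then out << 0x0D
    when 'a' then out << 0x07
    when 'b' then out << 0x08
    when 'f' then out << 0x0C
    when 'v' then out << 0x0B
    when '\\', '"' then out << e
    when '0'..'7'
      # git writes one byte as exactly three octal digits
      oct = src[i + 1, 3].pack('C*')
      raise ArgumentError, "bad octal escape in #{line.inspect}" unless oct =~ /\A[0-7]{3}\z/
      out << oct.to_i(8)
      i += 2
    else
      raise ArgumentError, "unknown escape \\#{e.chr} in #{line.inspect}"
    end
    i += 2
  end
  out.pack('C*').force_encoding(Encoding::UTF_8)
end

# Decode every line of `git ls-files` output without eval.
def parse_ls_files(lines)
  lines.map { |l| unquote_git_path(l) }
end
```

The decoder works on bytes and only re-labels the result as UTF-8 at the end, so a name that git left partly unescaped (core.quotePath off) still round-trips; the eval version returns the same text for honest names, which is why the bug was easy to miss.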
CVE-2023-0046
Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch...
Input validation
Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch...
PT-2023-18516 · Viewvc · Viewvc
Name of the Vulnerable Software and Affected Versions: ViewVC versions prior to 1.2.3 ViewVC versions prior to 1.1.30 Description: ViewVC is a browser interface for CVS and Subversion version control repositories. The impact of this vulnerability is mitigated by the need for an attacker to have...
Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions
The Mozilla Foundation Security Advisory describes this flaw as: A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially have led to user confusion and the execution of malicious code...
ILIAS security vulnerability
ILIAS is an open source learning management system. A security vulnerability exists in ILIAS eLearning platform versions prior to 7.16 that stems from allowing external control over file names or paths...
Cross-site Scripting (XSS)
Overview serve-lite is a lightweight http-server for static file-based web development. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the...
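The serve-lite entry above, like the LogicalDOC, WEPA and Left entries, is the same defect: a file name is written into HTML as-is. The block below is an added example (not serve-lite's code, which is JavaScript) of a directory listing in Ruby, with the raw-interpolation form beside one that HTML-escapes the visible text and percent-encodes the href. The entries are constructed; nothing is read from disk.

```ruby
# Added example, not serve-lite's code.
require 'cgi'
require 'erb'

# Constructed directory contents; the second and third names are
# attacker-chosen (an uploaded or committed file).
SAMPLE_ENTRIES = [
  'index.html',
  '<img src=x onerror=alert(1)>.txt',
  'a"b.txt',
]

# Vulnerable: raw interpolation into markup. The crafted name becomes a
# live <img> element and the quote breaks out of the href attribute.
def listing_vulnerable(entries)
  items = entries.map { |n| "<li><a href=\"#{n}\">#{n}</a></li>" }
  "<ul>#{items.join}</ul>"
end

# Fixed: the visible text is HTML-escaped; the href is percent-encoded as a
# path segment and then HTML-escaped as an attribute value (two contexts,
# two encoders, applied in that order).
def listing_fixed(entries)
  items = entries.map do |n|
    href = CGI.escapeHTML(ERB::Util.url_encode(n))
    text = CGI.escapeHTML(n)
    "<li><a href=\"#{href}\">#{text}</a></li>"
  end
  "<ul>#{items.join}</ul>"
end

# Regression check for a listing renderer: no name may survive as a tag.
def renders_name_as_markup?(html, name)
  html.include?(name) && name.include?('<')
end
```

Escaping for the attribute after percent-encoding is the order that matters: percent-encoding removes `"` and `<` from the href, and `CGI.escapeHTML` then guards whatever the encoder leaves alone. Reversing the order would percent-encode the `&` of the entities and produce a broken link.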
CVE-2022-45939
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system() C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command suggested in the ctags...
UBUNTU-CVE-2022-45939
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system() C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command suggested in the ctags...
PT-2022-7423 · Gnu Emacs +9 · Gnu Emacs +9
Name of the Vulnerable Software and Affected Versions: GNU Emacs versions through 28.2 Description: The issue is related to the incorrect neutralization of special elements in the lib-src/etags.c component of the ctags program in the Emacs text editor. This can allow an attacker to execute comman...
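The etags entries above and the flash tool gem entry earlier share one root cause: a file name is concatenated into a command string that a shell then parses. The block below is an added example (not the Emacs or flash tool code) of that pattern in Ruby, where `Open3.capture2` with a single string behaves like C's system(3) and runs the string through /bin/sh when it contains metacharacters. `echo` stands in for `ctags` so the example runs without ctags installed; the crafted file name is constructed and only echoes a marker.

```ruby
# Added example, not the etags or flash tool code.
require 'open3'
require 'shellwords'

# Constructed file name an attacker controls (a file in a cloned repository
# or a downloaded archive). The ";" ends the intended command and starts
# another one when a shell parses the string.
CRAFTED_NAME = 'notes.c; echo INJECTED'

# Vulnerable: one string with the name interpolated. Because the string
# contains shell metacharacters, Ruby hands it to /bin/sh -c, exactly as
# system(3) would in C.
def run_vulnerable(name)
  out, _status = Open3.capture2("echo #{name}")
  out
end

# Fixed: argv form. Each element is one argument and no shell is involved,
# so the whole name reaches the program as a single literal argument.
def run_fixed(name)
  out, _status = Open3.capture2('echo', name)
  out
end

# If a shell string is unavoidable (a pipeline, for instance), quote every
# untrusted piece with Shellwords.escape before interpolating it.
def run_escaped(name)
  out, _status = Open3.capture2("echo #{Shellwords.escape(name)}")
  out
end

# Names beginning with "-" are a separate hazard: most tools read them as
# options. Prefixing "./" forces them to be paths.
def as_path_argument(name)
  name.start_with?('-') ? "./#{name}" : name
end
```

Running `run_vulnerable(CRAFTED_NAME)` prints two lines, the second being the injected command's output; the argv and escaped forms print the file name verbatim on one line. The argv form is the one to reach for, since escaping only helps if every interpolation site remembers to use it.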