FusionPBX Security Vulnerability
FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conferencing server and voice application server. A security vulnerability exists in FusionPBX before 4.5.30, which stems from a fax file...
PT-2021-23832 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.30 Description: An issue was discovered where the FAX file name may contain risky characters, potentially leading to security issues. Recommendations: For versions prior to 4.5.30, update to version 4.5.30 or...
The vulnerability in the "pleaseedit" system administration tool stems from improper link resolution before the file is accessed. This allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability in the "pleaseedit" system administration tool stems from the use of predictable file names. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and even cause service interruptions...
CVE-2021-39249
Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function...
Contiki Security Vulnerability
Contiki is an open source cross-platform operating system for IoT Internet of Things devices. A security vulnerability exists in Contiki 3.0 that stems from improper handling of the ls command when there are many long name files in a directory. The vulnerability allows remote attackers to trigger...
Nextcloud Input Validation Error Vulnerability
An input validation error vulnerability exists in Nextcloud Server, which stems from the fact that DownloadResponse does not perform security checks on uploaded file names, and could be exploited to trick users into downloading malicious files under an innocuous file name...
Advisory ROSA-SA-2021-1963
Software: rpm 4.11.3 OS: Cobalt 7.9 CVE-ID: CVE-2017-7501 CVE-Crit: HIGH CVE-DESC: It was discovered that rpm versions prior to 4.13.0.2 use temporary files with predictable names when installing RPM. An attacker with the ability to write to the directory where the files will be installed could...
Facebook WhatsApp for Android Path Traversal Vulnerability
Facebook WhatsApp is a mobile application from Facebook, Inc. that uses the Internet to send text messages. A security vulnerability exists in WhatsApp for Android and WhatsApp Business for Android, which stems from a lack of file name validation when unpacking files, and could be exploited to...
OESA-2021-1210 git security update
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...
GHSA-RXJP-MFM9-W4WR Path Traversal in Django
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names...
CVE-2020-13598
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h...
Stack overflow
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h...
CVE-2020-13598 FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h...
CVE-2020-13598
CVE-2020-13598 describes a stack-based buffer overflow in Zephyr RTOS related to enabling Long File Names in FAT_FS when calling fs_stat. Affected: Zephyr versions >= v1.14.2 and >= v2.3.0. Root cause: buffer overflow in the Long File Names handling logic. Potential impact: according to con...
Bitwarden: When uploading attachments, unencrypted file names are made available to the server
Certain Bitwarden clients were inadvertently posting raw filenames to the server when saving new attachments. The server was discarding this value and properly storing the encrypted filename, however, a malicious server could glean some information from the filename if it were inclined. The issue...
DEBIAN-CVE-2021-31542
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names...
Django -- multiple vulnerabilities
Django Release reports: CVE-2021-31542: Potential directory traversal via uploaded files. MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names...
SUSE: Security Advisory (SUSE-SU-2021:0776-1)
The remote host is missing an update for the...
VulnCheck KEV: CVE-2020-13671
Improper sanitization in the extension file names is present in Drupal core...