996 matches found
CVE-2018-10916
It has been discovered that lftp does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker-controlled FTP server, resulting in the removal of all files...
Mozilla: Compromised IPC child process can list local filenames
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox...
Mozilla: Compromised IPC child process can list local filenames
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox...
EulerOS 2.0 SP2 : gnupg2 (EulerOS-SA-2018-1221)
According to the version of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject...
CVE-2018-3747
The public node module versions = 1.0.3 allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript...
Design/Logic Flaw
The public node module versions = 1.0.3 allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript...
CVE-2018-3747
CVE-2018-3747 concerns the public Node.js module (versions
CVE-2018-3747
The public node module versions = 1.0.3 allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript...
UBUNTU-CVE-2018-1000532
beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users...
GIMP File Creation Vulnerability
GIMP GNU Image Manipulation Program, GNU Image Manipulation Program is a cross-platform open source image processing software developed by the GIMP team. The software enables a variety of image processing, including photo retouching, image compositing and image creation. A security vulnerability...
crud-file-server node module cross-site scripting vulnerability
The crud-file-server node module is a file server that supports create, read, update and delete functions. A cross-site scripting vulnerability exists in crud-file-server node module versions prior to 0.8.0, which stems from the program's lack of file name validation. A remote attacker can exploi...
CVE-2017-7765
The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only...
CVE-2017-7765
The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only...
Debian DSA-4222-1 : gnupg2 - security update
Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at...
Debian DSA-4223-1 : gnupg1 - security update
Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at...
[SECURITY] [DSA 4224-1] gnupg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4224-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 08, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4224-1] gnupg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4224-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 08, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4223-1] gnupg1 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4223-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 08, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4222-1] gnupg2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4222-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 08, 2018 https://www.debian.org/security/faq -...
CVE-2018-3726
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names...