CVE-2018-3716
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names...
CVE-2018-3726
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names...
Cross site scripting
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names...
CVE-2018-3726
The vulnerability relates to the crud-file-server Node.js module prior to version 0.8.0. Affected component/file: directory index handling in crud-file-server where filenames are not properly validated, leading to a stored Cross-Site Scripting (XSS) vulnerability. Root cause: insufficient sanitiz...
gnupg -- unsanitized output (CVE-2018-12020)
GnuPG reports: GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output...
Debian: Security Advisory (DSA-4222-1)
The remote host is missing an update for the Debian...
Joomla! Core cross-site scripting vulnerability (CNVD-2018-15238)
Joomla! is an open source content management system (CMS) that provides RSS feeds, site search and other features. Joomla! Core is the core of Joomla!. A cross-site scripting vulnerability exists in Joomla! Core versions prior to 3.8.8, which stems from the program failing to properly filter fi...
CVE-2018-6378
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager...
solr: Directory traversal via Index Replication HTTP API
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...
CVE-2018-1000177
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in...
PT-2018-9755 · Vaultize · Vaultize Enterprise File Sharing
Name of the Vulnerable Software and Affected Versions: Vaultize Enterprise File Sharing version 17.05.31 Description: An issue was discovered that allows for Stored XSS on the file or folder download pop-up. This occurs via a crafted file or folder name. Recommendations: For Vaultize Enterprise...
Cross-site Scripting (XSS)
glance is vulnerable to persistent cross-site scripting (XSS) attacks. The vulnerability exists because glance does not sanitize the file names that are served by the static server, allowing malicious file names to be served and executed as code...
ownCloud Cross-Site Scripting Vulnerability (CNVD-2018-08527)
ownCloud is a free and open source personal cloud storage solution from the German company ownCloud. The solution offers file management, music storage, calendars, and more. A cross-site scripting vulnerability exists in versions prior to ownCloud 6.0.1. A remote attacker can exploit this vulnerabili...
ruby: Command injection vulnerability in Net::FTP
It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with...
Sensitive data types in Veeam Backup & Replication and Veeam Backup for Microsoft 365 log files
Challenge When you open a support ticket, Veeam Customer Support specialists may request log files. These log files may contain information to which the terms of the data protection laws or internal company policies apply. Veeam Backup & Replication Veeam Backup & Replication log files may includ...
Cross-site Scripting (XSS)
crud-file-server is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize file names, allowing a malicious user to inject and execute arbitrary JavaScript...
Node.js third-party modules: [simple-server] HTML with iframe element can be used as filename, which might lead to load and execute malicious JavaScript
Hi Guys, simple-server allows embedding HTML in file names, which in certain conditions might lead to execution of malicious JavaScript. This is caused by an outdated version of the connect framework. Module: Simple Server allows you to easily get a node.js static file server up and running anywhere anytime...
Ebay Content Management System EBCMS File Upload Vulnerability
The Ebay website management system, referred to as EBCMS, is a modular, plug-in based website management system developed by Sichuan Ebay Network Technology Co., Ltd. on PHP + MySQL. EBCMS v4.2 and previous versions of the content management system have a file upload vulnerability. The...