CVE-2017-7501

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to...

Directory traversal

Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to pare...

CVE-2017-12313

An untrusted search path aka DLL Preload vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working director...

GHSA-V633-X5VV-HQWC Cross-Site Scripting in serve-index

Versions 1.6.2 and earlier of serve-index are affected by a cross-site scripting vulnerability. Because file and directory names are not escaped in the module's HTML output, a remote attacker that can influence file or directory names can launch a persistent cross-site scripting attack on the...

DEBIAN-CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. dot dot in a diff file name...

Synology Office Command Injection Vulnerability

Synology Office is a web-based office software system from Synology. The system features online document and spreadsheet creation, as well as importing local files. A command injection vulnerability exists in the Document.php file in Synology Office versions 2.2.0-1502 and 2.2.1-1506. A remote...

Code injection

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name...

CVE-2015-4035

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name...

CVE-2015-4035

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name...

CVE-2015-4035

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name...

Nextcloud: Android content provider exposes password-protected share password hashes

Summary Nextcloud Android client v1.4.3 has a globally available content provider which exposes the bcrypt password hashes for password protected shared files and folders. Description Android apps can use a content provider to handle storage and retrieval of data. Content providers that are...

Open-Xchange: RTLO character in file names

DESCRIPTION ------- Hello, I have noticed that you allow the RTLO Right-To-Left-Override character is not filtered from the names of the files saved to drive, or in the attachement names, thus allowing 2 things : 1. Someone sends a malicious file html or exe or something esle via email that...

The vulnerability of the unarj library, which provides data archiving, allows attackers to re-record any files they choose.

The vulnerability of the -x command line option for extracting the unarj library, which handles data archiving, is related to deficiencies in path name restrictions. Exploiting this vulnerability allows a malicious actor to overwrite arbitrary files using an arj archive with file names containing...

CVE-2016-3023

IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names...

CVE-2016-3023

IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names...

Code injection

IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names...

CVE-2016-3023

IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names...

Local Privilege Escalation

Overview Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission t...

Vulnerabilities in the Android operating system that allow a hacker to increase their privileges

Multiple vulnerabilities in the libdex/OptInvocation.cpp file of the Android operating system’s DexClassLoader component are due to buffer overflows. Exploiting these vulnerabilities could allow a malicious actor to enhance their privileges through a specially created application that works with...

UBUNTU-CVE-2016-3757

The printmaps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237...