CVE-2019-10047
CVE-2019-10047 is a stored XSS vulnerability in Pydio Core ≤ 8.2.2, exploitable via the file upload and file preview features of the web application. An authenticated attacker can upload an HTML file containing JavaScript and a subsequent file-preview URL can render that file, causing the script ...
Keybase: XSS on Desktop Client
Steps to reproduce: 1. Create a file named 'alert1v.SS'.mp4 in the Keybase public/private folder. 2. On the desktop client, open the file as a preview. 3. An alert box pops up. GIF PoC: F399836. The problem: the client/shared/fs/filepreview/av-view.desktop.js file contains a template literal with...
CVE-2018-19556
zbsystem/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability...
Design/Logic Flaw
DISPUTED zbsystem/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability...
CVE-2018-19556
CVE-2018-19556 affects Z-BlogPHP 1.5, specifically the endpoint zb_system/admin/index.php?act=UploadMng. The vulnerability description states that file preview handling in this endpoint mishandles previews, which could lead to content spoofing. The reports note that the software maintainer disput...
PT-2018-15001 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.5. Description: The issue in Z-BlogPHP relates to the mishandling of file preview in the zb_system/admin/index.php?act=UploadMng endpoint, potentially leading to content spoofing. However, it's noted that the software...
CVE-2018-3762
CVE-2018-3762 affects Nextcloud Server prior to 12.0.8 and 13.0.3, where improper checks of dropped permissions for incoming shares let a user request previews for files they should not access. Root cause: inadequate enforcement of access control on image preview requests. Impact stated in source...
LibreOffice Calc And Writer File Disclosure Vulnerability - Windows
LibreOffice is prone to an arbitrary file disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Script Execution flaw in Google drive poses security threat
Once again, the Google Security Team shoots itself in the foot. Ansuman Samantaray, an Indian penetration tester, discovered a small but creative security flaw in Google Drive that poses a phishing threat to millions of Google users; it was ignored by the Google Security Team, which replied that "It is just a mere...
GNOME Nautilus
According to the GNOME documentation, the file manager Nautilus is able to display a preview of most files. ref: http://library.gnome.org/users/user-guide/stable/gosnautilus-60.html.en This is a proof of concept; it works using the default settings with "Local Files Only" checked. ++++ BEGIN...
CVE-2007-4701
CVE-2007-4701 affects WebKit/Safari on Apple Mac OS X 10.4–10.4.10. When previewing a PDF, temporary files are not created securely, allowing local users to read the contents of the PDF. Mitigation via Mac OS X 10.4.11 Security Update (MacOSXUpdCombo10.4.11 for Intel/PPC) is available from Apple....
CVE-2002-2047
The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an Encapsulated PostScript (EPS) file...
CVE-2002-2047
The CVE-2002-2047 entry describes a vulnerability in the file preview feature of Sketch (version 0.6.12 and earlier). The issue is that remote attackers can execute arbitrary commands by supplying shell metacharacters in the filename of an Encapsulated PostScript (EPS) file, exploiting the previe...
Important: Red Hat Security Advisory: kdebase security update
This erratum provides updated KDE packages to resolve a vulnerability in the handling of PostScript and PDF files. KDE is a graphical desktop environment for the X Window System. KDE versions up to and including KDE 3.1.1 have a vulnerability caused by neglecting to use the -dSAFER option when...