Lucene search
K

85 matches found

CVE
CVE
added 2018/12/12 1:0 p.m.100 views

CVE-2018-16867

Technical details for CVE-2018-16867 are not provided in the connected documents. The supplied sources show unrelated advisories; monitor official advisories for concrete affected product, impact, and fixes.

7.8CVSS7.8AI score0.00424EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2018/10/10 5:27 p.m.12 views

GHSA-8P5P-FF7X-HW7Q Cross-Site Scripting in public

Versions of public prior to 0.1.4 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation Upgrade to version 0.1.4 or later...

6.1CVSS6.1AI score0.00759EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2018/10/10 5:27 p.m.21 views

Cross-Site Scripting in public

Versions of public prior to 0.1.4 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation Upgrade to version 0.1.4 or later...

6.1CVSS4.7AI score0.00759EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2018/08/27 3:0 a.m.12 views

Arbitrary File Overwrite

booster-catalog-service is vulnerable to arbitrary file overwrite attacks. The vulnerability exists due to the improper sanitization of filename when unzipping files in a zip, causing arbitrary file overwrite attacks...

6.7AI score
Exploits0
Cvelist
Cvelist
added 2015/10/21 6:0 p.m.22 views

CVE-2015-4717

The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service infinite loop and log file consumption via crafted endpoint...

5AI score0.02832EPSS
Exploits0References3
exploitpack
exploitpack
added 2015/08/10 12:0 a.m.12 views

WordPress Plugin WPTF Image Gallery 1.03 - Arbitrary File Download

WordPress Plugin WPTF Image Gallery 1.03 - Arbitrary File Download Title: Remote file download vulnerability in wptf-image-gallery v1.03 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-17 Download Site: https://wordpress.org/plugins/wptf-image-gallery Vendor:...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2015/07/16 12:0 a.m.11 views

WordPress Plugin Download Manager Free 2.7.94 Pro 4 - (Authenticated) Persistent Cross-Site Scripting

WordPress Plugin Download Manager Free 2.7.94 Pro 4 - Authenticated Persistent Cross-Site Scripting WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS Vendor Homepage: http://www.wpdownloadmanager.com Software Link: https://wordpress.org/plugins/download-manager Affected...

6.7AI score
Exploits0
Exploit DB
Exploit DB
added 2015/07/13 12:0 a.m.30 views

WordPress Plugin Swim Team 1.44.10777 - Arbitrary File Download

Title: Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-02 Download Site: https://wordpress.org/plugins/wp-swimteam Vendor: Mike Walsh www.MichaelWalsh.org Vendor Notified: 2015-07-02, fixed in v1.45beta3 Vendor...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2015/06/30 12:0 a.m.27 views

CollabNet Subversion Edge Management Tail LFI

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "fileName" parameter of the "tail" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2012/08/28 12:0 a.m.15 views

WordPress Cloudsafe365 Plugin 'file' Parameter Remote File Disclosure Vulnerability

The Cloudsafe365 plugin for WordPress is prone to a file- disclosure vulnerability because it fails to properly sanitize user- supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7.3AI score
Exploits0References1
exploitpack
exploitpack
added 2012/06/18 12:0 a.m.18 views

WordPress Plugin LB Mixed Slideshow - upload.php Arbitrary File Upload

WordPress Plugin LB Mixed Slideshow - upload.php Arbitrary File Upload source: https://www.securityfocus.com/bid/54057/info LB Mixed Slideshow plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately...

7.3AI score
Exploits0
exploitpack
exploitpack
added 2012/06/13 12:0 a.m.13 views

Joomla! Component IDoEditor - image.php Arbitrary File Upload

Joomla! Component IDoEditor - image.php Arbitrary File Upload source: https://www.securityfocus.com/bid/53973/info The IDoEditor component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. A...

Exploits0
Exploit DB
Exploit DB
added 2012/01/14 12:0 a.m.22 views

WordPress Plugin Evarisk - 'uploadPhotoApres.php' Arbitrary File Upload

source: https://www.securityfocus.com/bid/53994/info Evarisk plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/03/29 12:0 a.m.25 views

BackWPup for WordPress Plugin Remote File Inclusion

The version of the BackWPup for WordPress plugin installed on the remote host does not sanitize input to the 'wpabs' parameter of the 'app/wpxmlexport.php' script before using it in a 'requireonce' call when the 'nonce' parameter is set to a specific value. An attacker can leverage this issue to...

6AI score
Exploits0References1
exploitpack
exploitpack
added 2010/08/06 12:0 a.m.18 views

Joomla! Component com_cgtestimonial 2.2 - Multiple Vulnerabilities

Joomla! Component comcgtestimonial 2.2 - Multiple Vulnerabilities cgTestimonial 2.2 Joomla Component Multiple Remote Vulnerabilities Name cgTestimonial Vendor http://www.cmsgalaxy.com Versions Affected 2.2 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2010/04/13 12:0 a.m.25 views

Vana CMS - 'Filename' Arbitrary File Download

source: https://www.securityfocus.com/bid/39415/info Vana CMS is prone to a vulnerability that lets attackers download arbitrary files. The issue occurs because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2010/01/13 12:0 a.m.9 views

PT-2010-1345

Name of the Vulnerable Software and Affected Versions nginx version 0.7.64 Description The issue allows remote attackers to potentially modify a window's title, execute arbitrary commands, or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. This is becaus...

6.8CVSS7.2AI score0.27008EPSS
Exploits2References13
seebug.org
seebug.org
added 2009/11/11 12:0 a.m.16 views

WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

No description provided by source. ============================================= - Release date: November 11th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- WordPress = 2.8.5 Unrestricted...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2009/04/26 12:0 a.m.14 views

Acritum Femitter Server Remote File Disclosure Vulnerability

Acritum Femitter FTP Server is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view local files in the context of the server process. This may aid in further attacks. Acritum Femitter Server...

0.2AI score
Exploits0References1
OpenVAS
OpenVAS
added 2009/03/20 12:0 a.m.21 views

BitDefender Internet Security 2009 XSS Vulnerability

BitDefender Internet Security is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

4.3CVSS5.6AI score0.29955EPSS
Exploits0References4
Rows per page
Query Builder