85 matches found
CVE-2018-16867
Technical details for CVE-2018-16867 are not provided in the connected documents. The supplied sources show unrelated advisories; monitor official advisories for concrete affected product, impact, and fixes.
GHSA-8P5P-FF7X-HW7Q Cross-Site Scripting in public
Versions of public prior to 0.1.4 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation Upgrade to version 0.1.4 or later...
Cross-Site Scripting in public
Versions of public prior to 0.1.4 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation Upgrade to version 0.1.4 or later...
Arbitrary File Overwrite
booster-catalog-service is vulnerable to arbitrary file overwrite attacks. The vulnerability exists due to the improper sanitization of filename when unzipping files in a zip, causing arbitrary file overwrite attacks...
CVE-2015-4717
The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service infinite loop and log file consumption via crafted endpoint...
WordPress Plugin WPTF Image Gallery 1.03 - Arbitrary File Download
WordPress Plugin WPTF Image Gallery 1.03 - Arbitrary File Download Title: Remote file download vulnerability in wptf-image-gallery v1.03 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-17 Download Site: https://wordpress.org/plugins/wptf-image-gallery Vendor:...
WordPress Plugin Download Manager Free 2.7.94 Pro 4 - (Authenticated) Persistent Cross-Site Scripting
WordPress Plugin Download Manager Free 2.7.94 Pro 4 - Authenticated Persistent Cross-Site Scripting WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS Vendor Homepage: http://www.wpdownloadmanager.com Software Link: https://wordpress.org/plugins/download-manager Affected...
WordPress Plugin Swim Team 1.44.10777 - Arbitrary File Download
Title: Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-02 Download Site: https://wordpress.org/plugins/wp-swimteam Vendor: Mike Walsh www.MichaelWalsh.org Vendor Notified: 2015-07-02, fixed in v1.45beta3 Vendor...
CollabNet Subversion Edge Management Tail LFI
Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "fileName" parameter of the "tail" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local...
WordPress Cloudsafe365 Plugin 'file' Parameter Remote File Disclosure Vulnerability
The Cloudsafe365 plugin for WordPress is prone to a file- disclosure vulnerability because it fails to properly sanitize user- supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
WordPress Plugin LB Mixed Slideshow - upload.php Arbitrary File Upload
WordPress Plugin LB Mixed Slideshow - upload.php Arbitrary File Upload source: https://www.securityfocus.com/bid/54057/info LB Mixed Slideshow plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately...
Joomla! Component IDoEditor - image.php Arbitrary File Upload
Joomla! Component IDoEditor - image.php Arbitrary File Upload source: https://www.securityfocus.com/bid/53973/info The IDoEditor component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. A...
WordPress Plugin Evarisk - 'uploadPhotoApres.php' Arbitrary File Upload
source: https://www.securityfocus.com/bid/53994/info Evarisk plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload...
BackWPup for WordPress Plugin Remote File Inclusion
The version of the BackWPup for WordPress plugin installed on the remote host does not sanitize input to the 'wpabs' parameter of the 'app/wpxmlexport.php' script before using it in a 'requireonce' call when the 'nonce' parameter is set to a specific value. An attacker can leverage this issue to...
Joomla! Component com_cgtestimonial 2.2 - Multiple Vulnerabilities
Joomla! Component comcgtestimonial 2.2 - Multiple Vulnerabilities cgTestimonial 2.2 Joomla Component Multiple Remote Vulnerabilities Name cgTestimonial Vendor http://www.cmsgalaxy.com Versions Affected 2.2 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact...
Vana CMS - 'Filename' Arbitrary File Download
source: https://www.securityfocus.com/bid/39415/info Vana CMS is prone to a vulnerability that lets attackers download arbitrary files. The issue occurs because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files...
PT-2010-1345
Name of the Vulnerable Software and Affected Versions nginx version 0.7.64 Description The issue allows remote attackers to potentially modify a window's title, execute arbitrary commands, or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. This is becaus...
WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
No description provided by source. ============================================= - Release date: November 11th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- WordPress = 2.8.5 Unrestricted...
Acritum Femitter Server Remote File Disclosure Vulnerability
Acritum Femitter FTP Server is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view local files in the context of the server process. This may aid in further attacks. Acritum Femitter Server...
BitDefender Internet Security 2009 XSS Vulnerability
BitDefender Internet Security is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...