SUSE CVE-2004-0759

Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag...

SUSE CVE-2008-5021

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

SUSE CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being called with unsafe user input as the filename. This...

CVE-2022-40784

Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406...

mIPC camera 缓冲区错误漏洞

mIPC camera firmware is a camera from mIPC. mIPC camera firmware version 5.3.1.2003161406 is vulnerable to an input validation error, which stems from unrestricted user input when setting up a zone file and can be exploited by an attacker to trigger a stack buffer overflow...

CVE-2021-40647

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it...

CVE-2021-40647

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it...

Delta Electronics DOPSoft 缓冲区错误漏洞

Delta Electronics DOPSoft is a Human Machine Interface HMI software suite from Delta Electronics Taiwan, China. A buffer error vulnerability exists in Delta Electronics DOPSoft, which arises from the processing of specific project files without properly sanitizing the user input could result in t...

PT-2022-14859 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to, and including, 3.2.46 Description: The issue is related to Stored Cross-Site Scripting via the filefiles parameter due to insufficient input sanitization and output escaping. This allows...

.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'...

UBUNTU-CVE-2021-3643

A flaw was found in sox 14.4.1. The lsxadpcminit function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information...

Input validation

An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the...

CVE-2022-24399

The SAP Focused Run Real User Monitoring - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2022-0351

A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution...

CVE-2022-23935

lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file = /|$/ check, leading to command injection...

CVE-2021-4173

A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution...

Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability

Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for...

UBUNTU-CVE-2021-38504

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

GNU Chess: Buffer overflow

Background GNU Chess is a console based chess interfae. Description The cmdpgnload and cmdpgnreplay functions in cmd.cc in GNU Chess to not sufficiently validate PGN file input, potentially resulting in a buffer overflow. Impact A remote attacker could entice a user to open a specially crafted PG...

GHSA-25XM-HR59-7C27 github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)

Impact xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. Patches The problem has been fixed in release v0.5.8. Workarounds Limit the size ...