261 matches found
CVE-2018-20483
setfilemetadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information e.g., credentials contained in the URL by reading this attribut...
CVE-2018-20483
setfilemetadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information e.g., credentials contained in the URL by reading this attribut...
WordPress 3.7.x < 3.7.19 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...
WordPress 4.1.x < 4.1.16 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...
Synology DiskStation Manager Information Disclosure Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology. The operating system manages information such as data, files, photos, music, and more. An information disclosure vulnerability exists in SYNO.Core.ACL in Synology DSM versions prior to...
Information disclosure
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager DSM before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the filepath parameter...
CVE-2016-9094
Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential exists for file...
EulerOS 2.0 SP1 : rsync (EulerOS-SA-2018-1011)
According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The recvfiles function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata...
CVE-2017-18005
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file...
CVE-2017-18005
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file...
CVE-2017-17433
The recvfiles function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemonfilterlist data structure, which allows remote attackers to bypass intended access restrictions...
Product update: Virtuozzo 7.0 Update 6 Hotfix 1 (7.0.6-678)
The Hotfix 1 for Virtuozzo 7.0 Update 6 provides stability and usability bug fixes. Vulnerability id: PSBM-72443 Migration of a VM with two HDDs from Virtuozzo 6 to 7 could fail due to a libvirt conversion failure. Vulnerability id: PSBM-77096 vstorage-mount could crash under certain conditions d...
Updated curl packages fix security vulnerabilities
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provide callback, which could lead to other private data from the heap to...
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
Cross site scripting
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
UBUNTU-CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
CVE-2017-6814
CVE-2017-6814 affects WordPress
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...