970 matches found

Tenable Nessus
added 2018/11/05 12:0 a.m., 40 views

Joomla! 3.2.x < 3.6.5 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities:
- A flaw exists in the JFilterInput::isFileSafe function due to improper validation of file types and extensions of uploaded files before placing them in a user-accessible pat...

CVSS 9.8 | AI score 9.3 | EPSS 0.14099
Exploits: 8 | References: 8

Tenable Nessus
added 2018/11/05 12:0 a.m., 40 views

Joomla! 1.7.x < 3.6.5 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities:
- A flaw exists in the JFilterInput::isFileSafe function due to improper validation of file types and extensions of uploaded files before placing them in a user-accessible pat...

CVSS 9.8 | AI score 9.3 | EPSS 0.14099
Exploits: 8 | References: 6

Github Security Blog
added 2018/10/18 4:40 p.m., 23 views

Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

CVSS 7.5 | AI score 0.3 | EPSS 0.06559
Exploits: 0 | References: 9 | Affected Software: 1

Amazon
added 2018/10/08 12:0 a.m., 35 views

Medium: zsh

Issue Overview: An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. (CVE-2018-0502) It was discovered that zsh does not properly validate the shebang of input files and it truncates i...

CVSS 9.8 | AI score 9.6 | EPSS 0.02723
Exploits: 0

NVD
added 2018/10/05 2:29 p.m., 19 views

CVE-2018-15415

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording...

CVSS 9.3 | AI score 7.7 | EPSS 0.02125
Exploits: 0 | References: 3

NVD
added 2018/10/05 2:29 p.m., 18 views

CVE-2018-15420

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording...

CVSS 9.3 | AI score 7.7 | EPSS 0.02125
Exploits: 0 | References: 3

NVD
added 2018/10/05 2:29 p.m., 13 views

CVE-2018-15418

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording...

CVSS 9.3 | AI score 7.7 | EPSS 0.02015
Exploits: 0 | References: 3

Prion
added 2018/10/05 2:29 p.m., 13 views

Format string

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording...

CVSS 9.3 | AI score 7.7 | EPSS 0.02125
Exploits: 0 | References: 3 | Affected Software: 4

Cvelist
added 2018/10/05 2:0 p.m., 25 views

CVE-2018-15408 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording...

AI score 7.7 | EPSS 0.02125
Exploits: 0 | References: 3

NVD
added 2018/10/05 6:29 a.m., 18 views

CVE-2015-9272

The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code...

CVSS 9.8 | AI score 9.8 | EPSS 0.04989
Exploits: 1 | References: 2

Cvelist
added 2018/10/04 11:0 p.m., 21 views

CVE-2015-9271

The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different...

AI score 9.8 | EPSS 0.04323
Exploits: 1 | References: 1

OSV
added 2018/09/13 12:29 a.m., 1 view

CVE-2018-8449

A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

CVSS 3.3 | AI score 5.8 | EPSS 0.03109
Exploits: 1 | References: 4

Cvelist
added 2018/08/24 7:0 p.m., 19 views

CVE-2018-15536

/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...

AI score 6.2 | EPSS 0.0641
Exploits: 5 | References: 2

exploitpack
added 2018/08/08 12:0 a.m., 49 views

osTicket 1.10.1 - Arbitrary File Upload

Exploit Title: osTicket 1.10.1 - Arbitrary File Upload
Exploit Author: r3j10r Rajwinder Singh
Date: 2018-08-08
Vendor Homepage: http://osticket.com/
Software Link: http://osticket.com/download
Version: osTicket v1.10.1
CVE-2017-15580
Vulnerability Details:...

CVSS 7.5 | EPSS 0.15977
Exploits: 5

IBM Security Bulletins
added 2018/06/16 9:50 p.m., 18 views

Security Bulletin: IBM Security Key Lifecycle Manager is affected by upload of files of dangerous types (CVE-2016-6104)

Summary: IBM Security Lifecycle Manager allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
Vulnerability Details:
CVEID: CVE-2016-6104
DESCRIPTION: IBM Tivoli Key Lifecycle Manager could allow a remote attacker to...

CVSS 7.2 | AI score 1.3 | EPSS 0.02685
Exploits: 0 | Affected Software: 1

NVD
added 2018/06/07 2:29 a.m., 29 views

CVE-2018-3725

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

CVSS 7.5 | AI score 7.4 | EPSS 0.02038
Exploits: 1 | References: 1

Prion
added 2018/06/07 2:29 a.m., 23 views

Cross site scripting

simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names...

CVSS 3.5 | AI score 5.2 | EPSS 0.00638
Exploits: 1 | References: 1

Prion
added 2018/06/07 2:29 a.m., 15 views

Path traversal

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

CVSS 5 | AI score 7.3 | EPSS 0.02038
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2018/06/07 2:29 a.m., 18 views

Path traversal

localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

CVSS 5 | AI score 7.3 | EPSS 0.02021
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/06/07 2:0 a.m., 34 views

CVE-2018-3716

simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names...

AI score 5.3 | EPSS 0.00638
Exploits: 1 | References: 1