941 matches found
UBUNTU-CVE-2013-2226
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) usersidassign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php...
Directory traversal
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences...
CVE-2014-2864
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences...
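ownCloud 'filename' Parameter Remote Code Execution Vulnerability
Bugtraq ID: 66000 CVE ID: CVE-2014-2044 ownCloud is an open-source private cloud server. ownCloud does not properly filter user-submitted 'filename' parameter data, allowing remote attackers to exploit the vulnerability by submitting a malicious POST request to execute arbitrary code. The affected script is: /owncloud/owncloud/?app=files&getfile=ajax%2Fupload.php POST 'filename' parameter 0 ownCloud 4.0.x ownCloud 4.5.x Vendor patch: ownCloud ----- ownCloud 5.0 has fixed this vulnerability; users are advised to download the update:...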
CVE-2013-5912
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action...
CVE-2013-2068
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method...
Novell Messenger Client Filename Parameter Stack Buffer Overflow (CVE-2013-1085)
A stack buffer overflow has been reported in Novell Messenger client...
CVE-2013-0150
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execut...
Directory traversal
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execut...
PT-2013-2133 · F5 · Firepass +1
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP APM versions 10.1.0 through 10.2.4 F5 BIG-IP APM versions 11.0.0 through 11.3.0 FirePass versions 6.0.0 through 6.1.0 FirePass version 7.0.0 Description: A directory traversal issue exists in the client-side components of the affect...
Ruby ftpd Gem 'filename' Parameter Remote Command Execution
Nessus was able to exploit a code injection vulnerability in the Ruby ftpd Gem by providing a specially crafted 'filename' parameter to the LIST command. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65078; scriptversion"1.9"; scriptcvsdate"Date: 2018/11/15 20:50:22...
CVE-2011-5219
Directory traversal vulnerability in examples/showcode.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter...
CVE-2012-4873
Cross-site scripting (XSS) vulnerability in the filedownload function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...
TFTP Server for Windows 1.4 ST WRQ Buffer Overflow
Exploit for Windows platform in category remote exploits. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 604G.GS00100, also distributed as the Dell ML6000 tape library with firmware before A20-00 590G.GS00100, allows remote attackers to hijack the authentication of use...
CVE-2011-4167
Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp...
Stack overflow
Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp...
TimeLive Time and Expense Tracking Multiple Vulnerabilities
The host is running TimeLive Time and Expense Tracking and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodtimelivetimeandexpensetrackingmultvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ TimeLive Time and Expense Tracking Multiple Vulnerabilities Authors: Antu Sanadi...
CVE-2011-2757
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU543310 issue...