Yitu 安全漏洞

wondershare Yitu 亿图 is a one-stop office mapping tool from the Chinese company wondershare. A security vulnerability exists in Yitu version 3.2.2, which stems from a remote code execution vulnerability that allows an attacker to construct a special filename for the exp.adpx file in the form of a...

CVE-2024-9395

A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 131...

CVE-2024-9395

A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 131...

CVE-2024-9395

A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 131...

UBUNTU-CVE-2024-9395

A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 131...

CVE-2024-9395

A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 131...

CVE-2024-9395

The CVE-2024-9395 issue affects Firefox for Android (Firefox

CVE-2024-9395

A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 131...

CVE-2024-9395

A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 131...

Optigo Networks ONS-S8 - Spectra Aggregation Switch

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Optigo Networks Equipment: ONS-S8 - Spectra Aggregation Switch Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion', Weak...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 131, which stems from the fact that a specially crafted filename containing a large number of spaces may obscure the file's...

PT-2024-38261 · WordPress · Migration

Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging WordPress plugin versions prior to 0.9.106 Description: The issue concerns the insufficient randomness in filenames created during backup generation, which could be bruteforced by attackers to leak sensitive...

Mozilla Firefox < 131.0

The version of Firefox installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-46 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

Synology DiskStation FAAD2 Decoder Out-of-bounds Write (CVE-2021-26567)

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

PT-2024-7793

Name of the Vulnerable Software and Affected Versions Firefox for Android versions prior to 131 Description A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. This issue may allow a remote attacker to conduct...

CVE-2024-47531

Scout is a web-based visualizer for VCF-files. The issue arises from insufficient sanitization of download filenames, allowing bypass of the intended file extension and the delivery of files with any extension. Malicious content embedded in the file could be downloaded and opened by users, potent...

Scout 安全漏洞

Scout is an open source platform from Clinical Genomics for analyzing VCFs and being able to aid collaborations to solve rare diseases faster. A security vulnerability exists in Scout versions prior to 4.89 that stems from a lack of filename cleanup and can bypass expected file extensions and all...

PT-2024-32645 · Scout · Scout

Name of the Vulnerable Software and Affected Versions: Scout versions prior to 4.89 Description: The issue arises from the lack of sanitization in filenames, allowing bypass of intended file extensions. This enables the download of malicious files with any extension. If users unknowingly download...

DrayTek Multiple Vigor Routers OS Command Injection Vulnerability

DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used...

Ubuntu: Security Advisory (USN-7027-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...