USN-7027-1 emacs, emacs24, emacs25 vulnerabilities
It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-45939 Xi Lu discovered that Emacs incorrectly handled input...
VulnCheck KEV: CVE-2014-4535
Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php...
VulnCheck KEV: CVE-2015-4074
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.downloadattachment task...
VulnCheck KEV: CVE-2008-6668
Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) varfilename parameter to viewrq.php...
VulnCheck KEV: CVE-2012-4940
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName...
The vulnerability of the generate_filename() function in the django.core.files.storage.Storage class of the Django web application framework allows a malicious actor to write arbitrary files.
The vulnerability in the generate_filename() function of the django.core.files.storage.Storage class in the Django web application framework is caused by an incorrect restriction of path names to a restricted directory. Exploiting this vulnerability could allow a malicious actor to write arbitrary file...
OESA-2024-2129 exim security update
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
CVE-2024-8694
A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is...
JFinalCMS path traversal vulnerability
JFinalCMS is a content management system by the individual developer heyewei. A path traversal vulnerability exists in JFinalCMS version 20240903 and earlier; it stems from the fileName parameter of the file /admin/template/update and can lead to path traversal...
PT-2024-39186 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS up to 20240903 Description: A vulnerability was found in the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is...
OESA-2024-2105 exim security update
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
CLSA-2024-1725550629 exim: Fix of CVE-2024-39929
CVE-2024-39929: fix incorrect parsing of MIME filenames that are specified using multiple parameters...
python-django: Potential directory-traversal in django.core.files.storage.Storage.save()
A vulnerability was found in Python-Django in derived classes of the django.core.files.storage.Storage base class that override generate_filename() without replicating the file path validations present in the parent class. This flaw allows potential directory traversal via certain inputs...
USN-6981-2: Drupal vulnerabilities
USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code...
Path Traversal
actions/artifact is vulnerable to Path Traversal. The vulnerability is due to improper validation of filenames in specifically crafted artifacts, allowing path traversal when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal...
EulerOS Virtualization 2.12.1 : less (EulerOS-SA-2024-2309)
According to the versions of the less package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename....
EulerOS Virtualization 2.12.0 : less (EulerOS-SA-2024-2329)
According to the versions of the less package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename....
Overleaf security vulnerability
Overleaf is an open source online real-time collaborative LaTeX editor from Overleaf Open Source. A security vulnerability exists in Overleaf. An attacker can exploit the vulnerability to load a dictionary file with an arbitrary filename...
ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal', 'Description' = %q This module exploits a directory traversal vulnerabili...