Mozilla Firefox Security Bypass Vulnerability (CNVD-2024-29334)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which can be exploited by an attacker to bypass filename restrictions during a save...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which can be exploited by an attacker to bypass filename restrictions during a save...
CVE-2024-35650
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security (melapress-login-security). This issue affects MelaPress Login Security: from n/a through = 1.3.0...
CVE-2024-35650
CVE-2024-35650 concerns the MelaPress Login Security WordPress plugin. It is described as an authenticated (Admin+) PHP Remote File Inclusion vulnerability caused by improper control of the filename used in include/require statements. Affected software: Melapress Login Security versions u...
Vulnerability of the close_altfile() function (filename.c) for UNIX-like system text terminals: allowing attackers to execute arbitrary commands
The vulnerability of the close_altfile() function (filename.c) for UNIX-like system text terminals is related to the omission of the shell_quote call for LESSCLOSE. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
CVE-2024-24192
robdns commit d76d2e6 was discovered to contain a heap overflow via the component block-filename at /src/zonefile-insertion.c...
PYSEC-2024-239
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...
robdns security breach
robdns is a DNS service. A security vulnerability exists in robdns, which originates from a heap overflow via the component block-filename at /src/zonefile-insertion.c. The vulnerability is caused by the component block-filename...
PT-2024-20312 · Robdns · Robdns
Name of the Vulnerable Software and Affected Versions: robdns version d76d2e6 Description: A heap overflow was discovered in robdns via the component block-filename at /src/zonefile-insertion.c. Recommendations: For version d76d2e6, consider restricting access to the vulnerable component...
CVE-2022-28658
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing...
Exploit for Authentication Bypass by Spoofing in Telerik Report_Server_2024
CVE-2024-4358: vulnerability detection and mass exploitation...
RHEL 4 : perl-libwww-perl (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - perl-libwww-perl: multiple HTTP client download filename vulnerability OCERT 2010-001 CVE-2010-2253 -...
RHEL 8 : php-pear (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - php-pear: Unsafe deserialization of data in ArchiveTar class CVE-2018-1000888 Note that Nessus has not tested for...
RHEL 5 : wget (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wget: FTP symlink arbitrary filesystem access CVE-2014-4877 - wget: Lack of filename checking allows...
The vulnerability of the GPU-based terminal emulator protocol implementation, related to the lack of measures taken to clean data at the control level, allows a perpetrator to execute arbitrary code.
The vulnerability of the GPU-based terminal emulator protocol implementation is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially crafted requests within the filename variable...
less: OS command injection
An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...