GHSA-GFQF-9W98-7JMX Stimulsoft Dashboard.JS directory traversal vulnerability
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...
CVE-2024-24398
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...
CVE-2024-0761
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract...
CVE-2024-24574 phpMyFAQ vulnerable to stored XSS on attachments filename
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of the filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code in the client (stored XSS). This vulnerability has been patched in version 3.2.5...
phpMyFAQ vulnerable to stored XSS on attachments filename
Summary: Unsafe echo of the filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code in the client (stored XSS). Details: In the code that renders the file attachments from user tables (template fields id, title/thema, filename, recordlang, filesize, mimetype), the data...
phpMyFAQ Security Vulnerabilities
phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ version 3.2.4, which stems from an insecure fallback of a filename in phpMyFAQ\phpmyfaq\admin\attachments.php that could result in allowing JavaScript...
Stimulsoft GmbH Stimulsoft Dashboard.JS security vulnerability
Stimulsoft GmbH Stimulsoft Dashboard.JS is a powerful dashboard development tool from Stimulsoft. A security vulnerability exists in Stimulsoft GmbH Stimulsoft Dashboard.JS versions prior to v.2024.1.2. An attacker can exploit this vulnerability to execute arbitrary code via a specially crafted...
PT-2024-4060 · Unknown · IrisEVTXModule
Name of the Vulnerable Software and Affected Versions: IrisEVTXModule versions prior to 1.0.0 Description: The issue is related to the incorrect restriction of the directory path name with limited access in the IrisEVTXModule, which handles Microsoft EVTX log files. This can lead to remote code...
CVE-2024-1112
Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument...
Heap overflow
Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument...
Resource Hacker Buffer Error Vulnerability
Resource Hacker is a resource editor for 32-bit and 64-bit Windows applications from the individual developer Angus Johnson. Resource Hacker version 3.6.0.92 suffers from a buffer error vulnerability that originates from allowing an attacker to execute arbitrary code via a long filename parameter...
PT-2024-16773 · Unknown · Resource Hacker
Name of the Vulnerable Software and Affected Versions: Resource Hacker version 3.6.0.92 Description: A heap-based buffer overflow issue exists, potentially allowing an attacker to execute arbitrary code via a long filename argument. Recommendations: For version 3.6.0.92, consider avoiding the use...
CVE-2024-23826
spbusesite is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is...
CVE-2024-23826
The CVE-2024-23826 affects the spbu_se_site web application (St. Petersburg State University). Before 2024-01-29, authenticated users could upload an avatar image with a very large Unicode filename, triggering a server-side DoS on Windows due to unbounded filename length and costly Unicode normal...
CVE-2024-23826 Uploading an image with a specific filename causes a server-side DoS
spbusesite is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is...
spbu_se_site Security Vulnerabilities
spbusesite is the website of the Department of Systems Programming at St. Petersburg State University. A security vulnerability exists in versions of spbusesite prior to 2024.01.29, which stems from an unrestricted filename length, where an authenticated user may intentionally use a large Unicode...
PT-2024-20108 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: spbu se site versions prior to 2024.01.29 Description: The issue arises when an authenticated user uploads an avatar image with a large Unicode filename, leading to a server-side denial of service under Windows. This is due to the lack of...
Improper Access Control
vite is vulnerable to Improper Access Control. The vulnerability is due to a lack of case-sensitive filename validation in the dev server. An attacker can bypass file system access validation by supplying a filename that differs only in case...
Debian dla-3716 : ruby-httparty - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3716 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3716-1 [email protected] https://www.debian.org/lts/security/...