Cross site scripting
An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all...
ILIAS Security Vulnerabilities
ILIAS is an open source learning management system. A security vulnerability exists in ILIAS version 7.23 and version 8 prior to 8.3, which stems from a vulnerability that could allow a remote attacker to run arbitrary system commands on the server by uploading a file with a malicious filename...
OESA-2023-1959 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file...
The vulnerability in OMICARD's marketing mailing system lies in the improper restriction of a path name to a restricted directory. This allows attackers to bypass the authentication process and upload arbitrary files.
The vulnerability in OMICARD's marketing email system is related to incorrect restriction of a path name to a restricted directory during the processing of the FileName parameter. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and upload arbitrary...
PT-2023-30218 · Unknown · Online Matrimonial Project
Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue concerns unauthenticated SQL Injection vulnerabilities. Specifically, the filename attribute of the pic3 multipart parameter in the functions.php resource does not validate the...
CVE-2023-6887
A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attac...
PT-2023-32798 · Saysky · Sayski Forestblog
Name of the Vulnerable Software and Affected Versions: saysky ForestBlog up to 20220630 Description: A critical issue has been found in the Image Upload Handler component, affecting the /admin/upload/img file. The manipulation of the filename argument leads to unrestricted upload. This issue can ...
ForestBlog Code Problem Vulnerability
ForestBlog is a personal blog application. An arbitrary file upload vulnerability exists in ForestBlog 20220630 and earlier versions, which stems from a lack of proper validation of the uploaded file via the filename parameter in the file /admin/upload/img. An attacker can exploit this...
CVE-2023-50265 Bazarr Arbitrary file read in /api/swaggerui/static endpoint
Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the sendfile function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1...
CVE-2023-48373
ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
PT-2023-7879 · Unknown · Itpison Omicard Edm
Name of the Vulnerable Software and Affected Versions: ITPison OMICARD EDM affected versions not specified Description: The issue is related to a path traversal vulnerability within the FileName parameter in a specific function. This vulnerability can be exploited by an unauthenticated remote...
Jenkins Scriptler Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
AZL-35781 CVE-2023-46219 affecting package cmake for versions less than 3.29.6-1
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...
AZL-35020 CVE-2023-46219 affecting package mysql for versions less than 8.0.40-1
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...
AZL-32125 CVE-2023-46219 affecting package mysql for versions less than 8.0.40-1
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...
Ubuntu: Security Advisory (USN-6547-1)
The remote host is missing an update for the ... (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions may be excerpted from referenced sources and are Copyright (C) the respective rights holders. SPDX-License-Identifier: GPL-2.0-only)
DEBIAN-CVE-2023-6185
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...
PT-2023-7886 · Document Foundation +10 · Libreoffice +10
Name of the Vulnerable Software and Affected Versions: LibreOffice affected versions not specified Description: The issue is related to improper input validation in the GStreamer integration of LibreOffice, allowing an attacker to execute arbitrary GStreamer plugins. In affected versions, the...
UBUNTU-CVE-2023-6185
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...