CVE-2023-46574
An issue in TOTOLINK A3700R v.9.1.2u.616520211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function...
CVE-2023-38191
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtestexternal.php XSS via a crafted filename...
Design/Logic Flaw
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtestexternal.php XSS via a crafted filename...
ruby-git: code injection vulnerability
A code injection flaw was found in the ruby-git package. This issue may allow a remote authenticated attacker to execute arbitrary code on the system by using a specially-crafted filename in the repository...
ruby-git: code injection vulnerability
A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository...
OESA-2023-1751 zlib security update
Zlib is a free, general-purpose, not covered by any patents, lossless data-compression library for use on virtually any computer hardware and operating system. The zlib data format is itself portable across platforms. Security Fixes: MiniZip in zlib through 1.3 has an integer overflow and resulta...
PT-2023-26327 · Unknown · Superwebmailer
Name of the Vulnerable Software and Affected Versions: SuperWebMailer version 9.00.0.01710 Description: An issue was discovered in SuperWebMailer that allows spamtest external.php XSS via a crafted filename. The issue is related to the filename variable, which can be exploited to execute XSS...
Arduino Create Agent path traversal - local privilege escalation vulnerability
Impact: The vulnerability affects the endpoint /upload, which handles requests with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduin...
PT-2023-28995 · Arduino · Arduino Create Agent
Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3 Description: The issue affects the endpoint "/upload" which handles requests with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able ...
AZL-43525 CVE-2023-45853 affecting package gpsbabel 1.8.0-4
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
DEBIAN-CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-35242 CVE-2023-45853 affecting package rust for versions less than 1.75.0-1
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-35295 CVE-2023-45853 affecting package tcl for versions less than 8.6.13-3
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-61795 CVE-2023-45853 affecting package optipng 0.7.8-5
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-31500 CVE-2023-45853 affecting package zlib for versions less than 1.2.13-2
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...