8780 matches found
PT-2023-12820 · Percona +1 · Percona Xtrabackup +1
Name of the Vulnerable Software and Affected Versions: Percona XtraBackup versions 2.2.0 through 2.2.24; Percona XtraBackup versions 3.0.0 through 8.0.27-19. Description: A crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands...
PT-2023-22172 · Ptc · Vuforia
Name of the Vulnerable Software and Affected Versions: Vuforia (affected versions not specified). Description: The issue allows an attacker to delete any file with the permissions of the Vuforia server account by changing the filename parameter in the request. Recommendations: At the moment, there i...
Percona XtraBackup Command Injection Vulnerability
Percona XtraBackup is an open source hot backup utility for MySQL databases from Percona USA. A security vulnerability exists in Percona XtraBackup PXB versions prior to 8.0.27-19, which can be exploited by an attacker to trigger an unexpected command shell to execute arbitrary commands via a...
CVE-2023-33690
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS...
PT-2023-24449 · Sonicjs · Sonicjs
Name of the Vulnerable Software and Affected Versions: SonicJS versions up to 0.7.0. Description: The issue allows attackers to execute an authenticated path traversal when special characters are injected into the filename of a backup CMS. Recommendations: For SonicJS versions up to 0.7.0, update ...
SonicJS Path Traversal Vulnerability
SonicJS is a content management system based on modern open source NodeJs by Lane Personal Developer. A security vulnerability exists in SonicJS v0.7.0 and earlier versions that stems from injecting special characters into the filename of a backup CMS, allowing an attacker to perform authenticate...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
DEBIAN-CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
Design/Logic Flaw
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
CVE-2023-29539
Concrete details found: CVE-2023-29539 (Content-Disposition filename truncation on NULL) affects Firefox family and Thunderbird; root cause is NULL character in filename causing truncation and potential Reflected File Download. Connected documents (Astra Linux bulletin, Debian/CentOS advisories) ...
CVE-2023-33955 Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited
Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0...
CVE-2023-33955
CVE-2023-33955 affects MinIO Console (UI for MinIO Object Storage). Vulnerability arises from Unicode RIGHT-TO-LEFT OVERRIDE characters used to mask the original filename, enabling information exposure. Root cause is improper handling of such filenames in the MinIO Console prior to the fix. The i...