Mozilla: Content-Disposition filename truncation leads to Reflected File Download
The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...
CVE-2023-29800
TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...
PT-2023-3156 · Totolink · Totolink X18
Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version V9.1.0cu.2024 B20220329 Description: The issue is related to insufficient argument validation in the UploadFirmwareFile function of the TOTOLINK X18 router's firmware, allowing a remote attacker to execute arbitrary...
RHEL 7 : firefox (RHSA-2023:1791)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1791 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
SUSE CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
CVE-2023-29542
The Mozilla Foundation Security Advisory describes this flaw as: A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. This bu...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2023:1819-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1819-1 advisory. - Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This...
Mozilla Thunderbird Security Advisory (MFSA2023-15) - Mac OS X
Thunderbird is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
UBUNTU-CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
CVE-2023-27179
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /admin/imgdownload.php...
Arbitrary file deletion
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /admin/imgdownload.php...
GDidees CMS Code Issue Vulnerability
GDidees CMS is a website builder from GDidees. A security vulnerability exists in GDidees CMS version v3.9.1 and earlier versions, which originated from a discovery of an arbitrary file download vulnerability via the filename parameter of /admin/imgdownload.php...
Mozilla Firefox ESR Security Vulnerability
Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox ESR prior to version 102.10, which originates from a line break in a filename that can bypass the file extension security...
PT-2023-20991 · Unknown · Gdidees Cms
Name of the Vulnerable Software and Affected Versions: GDidees CMS versions 3.9.1 and lower Description: The issue is related to an arbitrary file download via the filename parameter at the "/admin/imgdownload.php" API endpoint. This allows unauthorized access to files on the system...
Security Vulnerabilities fixed in Firefox ESR 102.10 — Mozilla
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. This bug only affects Firefox for macOS. Other operating systems are unaffected. A local attacker can trick the Mozilla Maintenance Service into applying...
Mozilla Firefox ESR Code Issue Vulnerability
Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox ESR versions prior to 102.10, which stems from a truncated filename if the filename contains NULL characters when processi...
Minecraft Path Traversal Vulnerability
Minecraft is a sandbox game by the Swedish company Mojang. A security vulnerability exists in Minecraft BiblioCraft versions prior to 2.4.6 that stems from not sanitizing path traversal characters in filenames...