SUSE CVE-2022-46874
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code. Note: This issue was originally included in the advisories for Thunderbird...
Remote Code Execution
ruby-git:sid is vulnerable to Remote Code Execution. The vulnerability allows an attacker to remotely execute arbitrary code by getting a user to load a repository containing a specially crafted filename to the product...
Cross site scripting
WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persiste...
CVE-2023-24148
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function...
PT-2023-14160 · Unknown · Wepa Print Away
Name of the Vulnerable Software and Affected Versions: WEPA Print Away affected versions not specified Description: The issue concerns a stored XSS that occurs due to improper sanitization of uploaded filenames. An attacker can deceive a user into uploading a document with a malicious filename...
CVE-2023-24148
The CVE-2023-24148 entry applies to TOTOLINK CA300-PoE, firmware version V6.2c.884, which contains a command-injection vulnerability in the FileName parameter of the setUploadUserData function. The issue is documented across multiple sources (NVD/Red Hat/CNNVD and others) with a CVSS v3.1 base sc...
TOTOLINK CA300-PoE Command Injection Vulnerability
The TOTOLINK CA300-PoE is a wireless access point from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK CA300-PoE version V6.2c.884, which is caused by a command injection issue in the FileName parameter of the setUploadUserData method...
CVE-2022-48140
DedeCMS v5.7.97 is reported to have a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. The issue is documented across multiple sources (e.g., CVE-2022-48140, NVD, RH, CNNVD, OpenVAS) with a CVSS v3.1 base score of 5.4 (Medium) and attributes: AV:...
Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility
Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version...
F5 BIG-IP Command Injection Vulnerability
F5 F5OS-A and F5 F5OS-C are both products of F5 Inc. F5 F5OS-A is an operating system software. F5 F5OS-C is an operating system software on VELOS hardware. F5 F5OS has a command injection vulnerability that can be exploited by attackers to trick administrators into uploading a file with a specia...
sinatra: Reflected File Download attack
A flaw was found in Sinatra, a domain-specific language for creating web applications in Ruby. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input...
USN-5820-1 exuberant-ctags vulnerability
Lorenz Hipp discovered a flaw in exuberant-ctags handling of the tag filename command-line argument. A crafted tag filename specified in the command line or in the configuration file could result in arbitrary command execution...
CVE-2022-45542
EyouCMS = 1.6.0 was discovered to have a reflected XSS in the FileManager component in the GET parameter "filename" when editing any file...
CVE-2022-48124
TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function...