USN-5782-3 firefox regressions
USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use th...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via manipulation of the argument filename in the placeholder function. Details: Cross-site scripting, or XSS, is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise...
Inline SVG Cross-Site Scripting Vulnerability
Inline SVG is a library by individual developer James Martin. SVG documents are styled for use on the Web using CSS by adding classes to the document and embedding them in HTML. A cross-site scripting vulnerability exists in Inline SVG that stems from unknown functionality in the file...
PT-2023-11814 · Unknown · Jamesmartin Inline Svg
Name of the Vulnerable Software and Affected Versions: jamesmartin Inline SVG versions up to 1.7.1 Description: A vulnerability has been found in the component URL Parameter Handler, specifically in the file lib/inline svg/action view/helpers.rb. The manipulation of the argument filename leads to...
USN-5786-1 nautilus vulnerability
It was discovered that GNOME Files incorrectly handled certain filenames. An attacker could possibly use this issue to cause GNOME Files to crash, leading to a denial of service...
Multiple code injection vulnerabilities in ruby-git
Overview: ruby-git is a Ruby library that can be used to create, read and operate Git repositories. ruby-git contains multiple code injection vulnerabilities (CWE-94). Yuki Kokubun of DeNA Co., Ltd. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information...
ViewVC Cross-Site Scripting Vulnerability
ViewVC is a web-based tool for browsing CVS and SVN code repositories. A security vulnerability exists in ViewVC versions prior to 1.2.3 and 1.1.30, which originates from a cross-site scripting vulnerability that can be exploited by an attacker to cause the browser to run the specified code by...
External Control of Assumed-Immutable Web Parameter
Overview: Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to improper escaping of the " character in the generatemultipart function, which allows injecting malicious content into the filename parameter via the Content-Disposition header. PoC...
GHSA-5PQ7-52MG-HR42 httparty has multipart/form-data request tampering vulnerability
Impact I found "multipart/form-data request tampering vulnerability" caused by Content-Disposition "filename" lack of escaping in httparty. httparty/lib/httparty/request body.rb def generatemultipart...
Unrestricted Logging Filename Lead to RCE
Description: This vulnerability occurs because there is no filename restriction for saving the logging file. In this case the attacker can set the filename to an existing PHP file and append PHP code to it by manipulating the logged input. Proof of Concept: 1. Log in using operator account, in this case I try ...
JOBE Security Vulnerability
JOBE is a server for running small programming jobs in various programming languages by Richard Lobb, an individual developer. A security vulnerability exists in JOBE version 1.6.4 and earlier versions, which stems from the handling of the parameter sourcefilename that can lead to unknown...
MGASA-2022-0484 Updated thunderbird packages fix security vulnerability
Drag and Dropped Filenames could have been truncated to malicious extensions. CVE-2022-46874...
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.
...
SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2022:4636-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4636-1 advisory. - A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...
MeterSphere Path Traversal Vulnerability
MeterSphere is an open source one-stop continuous testing platform. A path traversal vulnerability exists in MeterSphere versions prior to 2.5.1 that stems from allowing a user to upload a file without validating the filename, which could result in uploading the file to an...
CVE-2021-4277
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...
Design/Logic Flaw
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...
CVE-2021-4277 fredsmith utils Filename screenshot_sync predictable state
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...