CVE-2022-24394 Authenticated Command Injection Vulnerability in Fidelis Network and Deception
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “updatecheckfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...
UBUNTU-CVE-2022-28658
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing...
USN-5427-1 apport vulnerabilities
Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. CVE-2021-3899 Gerrit Venema discovered that Apport incorrectly handled connections to...
GHSA-GG36-9346-9QX9 phpMyAdmin Remote Code Execution
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...
GHSA-QJMG-77XH-7MJW Loggerhead XSS via filename
Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...
GHSA-4FVG-PWV7-V54G Karteek Docsplit vulnerable to OS Command Injection
The extractfromocr function in lib/docsplit/textextractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename...
GHSA-8CP3-66VR-3R4C Formidable arbitrary file upload
Withdrawn: This advisory was improperly assigned. An arbitrary file upload vulnerability in formidable v3.2.4 allows attackers to execute arbitrary code via a crafted filename...
PT-2022-19148 · Apport +2
Name of the Vulnerable Software and Affected Versions: Apport (affected versions not specified). Description: The issue is related to Apport argument parsing, which mishandles filename splitting on older kernels, resulting in argument spoofing. Recommendations: At the moment, there is no information...
Canonical Apport security vulnerability
Canonical Apport is a toolkit from Canonical UK that collects and reports the error information the operating system finds useful when an application crashes. A security vulnerability exists in Canonical Apport that stems from incorrectly handling filename parameter...
CVE-2022-29622
An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...
DEBIAN-CVE-2022-29622
An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...
CVE-2022-29353
An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename...