CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

UBUNTU-CVE-2022-29622

DISPUTED An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

CVE-2022-29353

An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename...

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

CVE-2022-29622

CVE-2022-29622 affects the Node.js Formidable module (v3.1.4) via an arbitrary file upload vulnerability caused by improper validation of file extensions, enabling a crafted filename to execute code on vulnerable systems. Public details describe that some parties dispute the severity or validity ...

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

Ansible uses a socket with predictable filename in /tmp

runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/...

GHSA-FJ24-GHP9-39V3 Ansible uses a socket with predictable filename in /tmp

runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/...

GHSA-X9FV-C87W-55WC Improper Control of Generation of Code in Apache Camel

Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple" in a CamelFileName message header to a 1 FILE or 2 FTP producer...

Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module

Multiple cross-site scripting XSS vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...

CVE-2022-28919

HTMLCreator releasestable2020-07-29 was discovered to contain a cross-site scripting XSS vulnerability via the function generateFilename...

DEBIAN-CVE-2022-28919

HTMLCreator releasestable2020-07-29 was discovered to contain a cross-site scripting XSS vulnerability via the function generateFilename...

PT-2022-19312 · Unknown +2 · Htmlcreator +2

Name of the Vulnerable Software and Affected Versions: HTMLCreator release stable 2020-07-29 dokuwiki affected versions not specified Description: A cross-site scripting XSS issue was discovered in the generateFilename function. This allows for potential malicious script execution. No information...

CVE-2022-28913

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting...

CVE-2022-28912

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW...

CVE-2022-28911

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate...

CVE-2022-28913

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting...

CVE-2022-28912

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW...

CVE-2022-28913

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting...