Exploit for Path Traversal in Wso2 Api_Manager

CVE-2022-29464 CVE-2022-29464 POC exploit Usage shell us...

Multiple Store XSS via upload svg file and the file name of attachment

Description Hi There, facturascripts is vulnerable to store XSS by upload svg file, and the filename Step to produce with svg file Login as admin or any account has role Admin-Library, access Admin - library - New and upload file svg with content: alertdocument.cookie; save this. XSS will be...

CVE-2021-40680

There is a Directory Traversal vulnerability in Artica Proxy 4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273 via the filename parameter to /cgi-bin/main.cgi...

Artica Proxy 路径遍历漏洞

Artica Proxy is an open source Artica proxy solution from Artica France. A security vulnerability exists in Artica Proxy VMWare Appliance 4.30.000000 SP273 and earlier versions and Artica Proxy versions 4.30.000000 SP206 through SP255, which stems from a lack of filtering of the filename paramete...

Exploit for Cross-site Scripting in Solutions-Atlantic Regulatory_Reporting_System

CVE-2022-29598 : Reflected Cross-Site Scripting XSS in RSS v...

SUSE-SU-2022:1272-1 Security update for gzip

This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames ZDI-CAN-16587. bsc1198062...

[SECURITY] [DSA 5122-1] gzip security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5122-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2022 https://www.debian.org/security/faq -...

SUSE-SU-2022:1250-1 Security update for gzip

This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames ZDI-CAN-16587. bsc1198062 The following non-security bugs were fixed: - Fixed an issue when 'gzexe' counts the lines to skip wrong. bsc1180713 - Fixed a potential segfault when zli...

The vulnerability of the Jszip zip file processing library, related to improper code generation, allows a hacker to cause a service failure.

The vulnerability of the Jszip zip file processing library is related to incorrect handling of file names. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

CVE-2022-1344

Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...

CVE-2022-1344 Stored XSS due to no sanitization in the filename in causefx/organizr

Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...

USN-5378-4 gzip vulnerability

USN-5378-1 fixed a vulnerability in Gzip. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep...

SUSE-SU-2022:1160-1 Security update for xz

This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames ZDI-CAN-16587. bsc1198062...

SUSE-SU-2022:14938-1 Security update for xz

This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames ZDI-CAN-16587. bsc1198062...

SUSE-SU-2022:1158-1 Security update for xz

This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames ZDI-CAN-16587. bsc1198062...

Design/Logic Flaw

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...

CVE-2022-24837 Enumerable upload file names in hedgedoc

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...

CVE-2022-24837

The CVE-2022-24837 entry corresponds to HedgeDoc: images uploaded since v1.9.1 generate enumerable filenames, enabling potential information leakage from private notes across all upload backends (except Lutim/imgur). The underlying issue is a predictable filename generation mechanism, which has b...

CVE-2022-0892

The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

CVE-2022-0892

The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting...