8767 matches found
Kindeditor cross-site scripting vulnerability
KindEditor is a lightweight, open source LGPL, cross-browser, web-based WYSIWYG HTML editor. KindEditor is capable of converting standard text areas to rich text editors. An XSS vulnerability exists in KindEditor prior to version 4.1.x. The vulnerability is related to the affected version not...
Debian DLA-2780-1 : ruby2.3 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2780 advisory. Multiple vulnerabilities in ruby2.3, interpreter of the object-oriented scripting language Ruby, were discovered. CVE-2021-31799 In RDoc 3.11 through 6.x before 6.3.1, ...
Denial Of Service (DoS)
unrar-free is vulnerable to denial of service. The vulnerability exists when DEBUGLOG mode is enabled and allows an attacker to crash the system via a RAR archive containing a long filename...
Directory traversal
Projectsend version r1295 is affected by a directory traversal vulnerability. A user with the Uploader role can set the value 2 for the chunks parameter to bypass fileName sanitization...
ProjectSend path traversal vulnerability
ProjectSend is a free, client-oriented, private file sharing web application. A directory traversal vulnerability exists in Projectsend version r1295. An attacker can exploit this vulnerability by adding the value 2 to the chunks parameter to bypass fileName validation...
Cross-site Scripting (XSS) - Generic in snipe/snipe-it
Description: At File Uploads allows for arbitrary execution of JavaScript. Steps to Reproduce: XSS at filename. Go to the detail of one asset. At tab File, choose to upload a file with a filename containing the payload: file'name. XSS when uploading a .svg file. The list of allowed file types does not include .svg. Go to detail ...
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo" or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above, hence "limited" path traversal,...
CVE-2021-27341
OpenSIS Community Edition version = 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter...
Design/Logic Flaw
OpenSIS Community Edition version = 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter...
CVE-2021-27341
OpenSIS Community Edition
CVE-2021-27341
OpenSIS Community Edition version = 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter...
OpenSIS path traversal vulnerability
OpenSIS is the community edition of an open source enterprise content management system from Alfresco Software, Inc. The system includes document management, office collaboration and other features. In openSIS Community Edition versions prior to 7.6 there is a local file inclusion vulnerability,...
CVE-2021-40966
A Stored XSS exists in TinyFileManager, all versions up to and including 2.4.6, in /tinyfilemanager.php when the server is given a file that contains HTML and JavaScript in its name. A malicious user can upload a file with a malicious filename containing JavaScript code and it will run on any user...
PT-2021-23021
Name of the Vulnerable Software and Affected Versions: TinyFileManager versions up to and including 2.4.6. Description: A Stored XSS issue exists in TinyFileManager when the server is given a file that contains HTML and JavaScript in its name. A malicious user can upload a file with a malicious...
DEBIAN-CVE-2021-41072
squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create th...
UBUNTU-CVE-2021-41072
squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create th...
CVE-2021-38334
The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the /wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. The WordPress plugin WP Design Maps & Places...
WP Design Maps & Places <= 1.2 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the /wpdmp-admin.php file which allows attackers to inject arbitrary web scripts...
Cross-site Scripting (XSS)
Overview: pekeupload is a jQuery plugin that allows you to easily add multiple or single file upload functionality to your website. This plugin uses HTML5 only. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). If an attacker induces a user to upload a file whose name...