8767 matches found
EyouCMS directory traversal vulnerability
EyouCms is a free and open source enterprise content management system based on the TP5.0 framework that focuses on the needs of enterprise website users. The vulnerability stems from a lack of input data validation for the tpldir, filename, type, and nid parameters. An attacker could use this...
CVE-2021-39496
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into filename param to trigger Reflected XSS...
Cross site scripting
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into filename param to trigger Reflected XSS...
Eyoucms 路径遍历漏洞
EyouCms is a free and open source enterprise content management system based on the TP5.0 framework that focuses on the needs of enterprise website users. The vulnerability stems from a lack of input data validation for the tpldir, filename, type, and nid parameters. An attacker could use this...
EyouCms 跨站脚本漏洞
EyouCms is a free and open source enterprise content management system based on the TP5.0 framework that focuses on the needs of enterprise website users. The vulnerability stems from the lack of validation of input data in Eyoucms. An attacker could use this vulnerability to inject malicious cod...
file-upload-with-preview 跨站脚本漏洞
file-upload-with-preview is a simple file upload utility that displays a preview of an uploaded image. Written in pure JavaScript. No dependencies. Works with Bootstrap 4 or without frameworks. A cross-site scripting vulnerability exists in file-upload-with-preview, which can be exploited to uplo...
Media File Renamer - Auto & Manual Rename < 5.2.7 - Media Title/Filename/Locking State Update via CSRF
The plugin does not have CSRF in place, which could allow attacker to make a logged in admin change arbitrary uploaded media title, filename, as well as locking state via a CSRF attack Notes: - We were unable to reproduce the issue from an attacker point of view, the endpoints are expecting JSON...
Squashfs-Tools has an unspecified vulnerability
Squashfs-Tools is an open source package. version 4.5 of Squashfs-Tools contains a security vulnerability that stems from the squashfsopendir function in unsquash-1.c in the software that is responsible for storing the filenames in directory entries, which is then used by unsquashfs to create new...
ALPINE-CVE-2021-40153
squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...
DEBIAN-CVE-2021-40153
squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...
AZL-7463 CVE-2021-40153 affecting package squashfs-tools for versions less than 4.5.1-1
squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...
Path traversal
squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...
UBUNTU-CVE-2021-40153
squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...
CVE-2021-38611
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php...
CVE-2021-38611
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php...
NASCENT RemKon Device Manager 命令注入漏洞
NASCENT RemKon Device Manager is a NASCENT web application that is deployed in logistics centers as a single management platform for managing various settings and configurations for Automatic Gate Systems AGS and other Nascent products. A security vulnerability in NASCENT RemKon Device Manager...
CVE-2021-36762
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd:tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet...
The vulnerability of the Thunderbird email client arises from insufficient validation of input data, allowing a hacker to insert any desired name as an attachment.
The vulnerability of the Thunderbird email client exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject any desired name into the attachment’s filename...
CVE-2020-20975
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...
CVE-2020-20975
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...