8767 matches found
Sql injection
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...
Gxlcms SQL注入漏洞
Gxlcms is an enterprise website creation system by Gxlcms team. Gxlcms suffers from a SQL injection vulnerability that originates from the $filename parameter in libadminactiondataaction.class.php...
apache-commons-compress: Infinite loop in name encoding algorithm
A resource consumption vulnerability was discovered in apache-commons-compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being controlled by the user, may be vulnerable to this flaw. A remote attack...
CMSuno 1.7 - (tgo) Stored Cross-Site Scripting (Authenticated) Vulnerability
Exploit Title: CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting XSS Authenticated Exploit Author: splint3rsec Vendor Homepage: https://github.com/boiteasite Software Link: https://github.com/boiteasite/cmsuno Affected Versions: CMSuno 1.7 and prior CVE : CVE-2021-36654 CMSuno version 1.7 and prior ...
CMSuno 1.7 Cross Site Scripting
Exploit Title: CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting XSS Authenticated Date: 03-08-2021 Exploit Author: splint3rsec Vendor Homepage: https://github.com/boiteasite Software Link: https://github.com/boiteasite/cmsuno Affected Versions: CMSuno 1.7 and prior CVE : CVE-2021-36654 CMSuno versi...
CVE-2021-36654
CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter tgo while updating the theme...
CVE-2021-36654
CMSuno 1.7 (and earlier) is affected by an authenticated stored cross-site scripting (XSS) vulnerability. The flaw occurs in the theme update flow when the attacker can modify the filename parameter (tgo) during a template image name submission, injecting payloads via the tgo parameter to trigger...
CMSUno 跨站脚本漏洞
CMSUno is a tool for creating single-page responsive websites by the French individual developer Jacques Malgrange. A cross-site scripting vulnerability exists in CMSuno version 1.7, which can be exploited by an authenticated attacker by modifying the filename parameter tgo...
DEBIAN-CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
ALPINE-CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
Code injection
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
CVE-2021-31799
CVE-2021-31799 affects RDoc (3.11–6.x, before 6.3.1) packaged with Ruby up to 3.0.1. An attacker can execute arbitrary code via special characters in a filename when running rdoc, enabling OS command execution. The connected advisories and vendor pages confirm the issue and remediation path. Impa...
CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
GO-2021-0108 CRLF vulnerability in Fiber in github.com/gofiber/fiber
Due to improper input sanitization, a maliciously constructed filename could cause a file download to use an attacker controlled filename, as well as injecting additional headers into an HTTP response...
elFinder 路径遍历漏洞
elFinder is a set of Drupal-based platform , open source AJAX file manager . The product provides multiple file uploads, image scaling, and other features. A path traversal vulnerability exists in elFinder AspNet that does not properly eliminate a file system path before creating it using a...
CVE-2021-33592
NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function...
CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
UBUNTU-CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...