8767 matches found

NVD
added 2021/07/13 12:15 p.m. · 15 views

CVE-2021-22440

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly...

4.6 CVSS · 0.00209 EPSS
Exploits: 0 · References: 1

CVE
added 2021/07/12 12:50 p.m. · 160 views

CVE-2021-32679

CVE-2021-32679 : In Nextcloud Server, filenames were not escaped by default in controllers using DownloadResponse prior to versions 19.0.13, 20.0.11, and 21.0.3. A user-supplied filename passed unsanitized could cause a downloaded file to have a benign extension while the content is executable, p...

8.8 CVSS · 5.8 AI score · 0.0137 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

Positive Technologies
added 2021/07/12 12:0 a.m. · 2 views

PT-2021-19851 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.13 Nextcloud Server versions prior to 20.0.11 Nextcloud Server versions prior to 21.0.3 Description: Nextcloud Server is a package that handles data storage. In affected versions, filenames were not...

10 CVSS · 5.9 AI score · 0.02521 EPSS
Exploits: 3 · References: 86

Veracode
added 2021/07/11 3:57 p.m. · 39 views

Denial Of Service (DoS)

ruby2.7:sid is vulnerable to Denial Of Service (DoS). It is possible to execute arbitrary code via | and tags in a filename...

7 CVSS · 7.7 AI score · 0.0148 EPSS
Exploits: 0 · References: 6 · Affected Software: 10

NVD
added 2021/07/09 10:15 p.m. · 11 views

CVE-2021-35358

A stored cross site scripting (XSS) vulnerability in dotAdmin//c/cImages of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters...

4.8 CVSS · 0.00497 EPSS
Exploits: 1 · References: 1

OSV
added 2021/07/09 2:15 p.m. · 2 views

CVE-2021-30119

Authenticated reflective XSS in HelpDeskTab/rcResults.asp. The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack. Example request:...

5.4 CVSS · 7.1 AI score · 0.22281 EPSS
Exploits: 1 · References: 3

CNNVD
added 2021/07/09 12:0 a.m. · 2 views

Dotcms dotCMS cross-site scripting vulnerability

dotcms is a powerful Content Management System (CMS) developed in Java. A stored cross-site scripting vulnerability exists in dotCMS version 21.05.1 in dotAdmin//c/cImages, which can be exploited by an attacker to execute arbitrary Web script or HTML via the 'Title' and 'Filename' parameters...

4.8 CVSS · 5.6 AI score · 0.00497 EPSS
Exploits: 1 · References: 2

CNNVD
added 2021/07/07 12:0 a.m. · 2 views

WordPress path traversal vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in WordPress Plugin CM Download Manager, which can be...

8.1 CVSS · 5.7 AI score · 0.01673 EPSS
Exploits: 0 · References: 2

Snyk
added 2021/06/30 10:58 a.m. · 3 views

Directory Traversal

Overview: elFinder.AspNet is an elFinder ASP.NET backend. Affected versions of this package are vulnerable to Directory Traversal. The user-controlled file name is not properly sanitized before it is used to create a file system path. PoC: A test environment is within the GitHub repository and can b...

7.5 CVSS · 7.4 AI score · 0.01732 EPSS
Exploits: 1 · References: 2

Github Security Blog
added 2021/06/29 9:24 p.m. · 142 views

CRLF vulnerability in Fiber

Impact: The filename that is given in c.Attachment is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to...

5.8 CVSS · 0.3 AI score · 0.00861 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

Prion
added 2021/06/28 2:15 p.m. · 15 views

Authentication flaw

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources...

4.3 CVSS · 4.7 AI score · 0.01897 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2021/06/25 12:0 a.m. · 3 views

Weidmueller Industrial WLAN operating system command injection vulnerability

Weidmueller Industrial WLAN devices is an industrial WLAN from Weidmueller, Germany. The Weidmueller Industrial WLAN devices suffer from an operating system command injection vulnerability that can be exploited by an attacker via a specially crafted diagnostic script filename to cause user input ...

9 CVSS · 5.8 AI score · 0.0173 EPSS
Exploits: 0 · References: 1

OSV
added 2021/06/24 2:15 p.m. · 2 views

CVE-2021-29960

Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have led to the title of a website visited during private browsing mode being stored on disk...

4.3 CVSS · 7.4 AI score · 0.00829 EPSS
Exploits: 0 · References: 3

CNNVD
added 2021/06/22 12:0 a.m. · 5 views

Vanilla Forums cross-site scripting vulnerability

Vanilla Forums is a PHP-based open source forum program from Canadian company Vanilla Forums. A cross-site scripting vulnerability exists in versions of vanilla forums prior to 2.0.10, which stems from a filename that may contain arbitrary code to be executed on the client side...

6.1 CVSS · 6.3 AI score · 0.00661 EPSS
Exploits: 0 · References: 2

OSV
added 2021/06/18 11:15 a.m. · 1 views

CVE-2021-33576

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...

9.8 CVSS · 7.4 AI score · 0.01549 EPSS
Exploits: 1 · References: 2

NVD
added 2021/06/18 11:15 a.m. · 11 views

CVE-2021-33576

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...

9.8 CVSS · 0.01549 EPSS
Exploits: 1 · References: 2

NVD
added 2021/06/14 2:15 p.m. · 14 views

CVE-2021-24349

This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lac...

6.1 CVSS · 0.00412 EPSS
Exploits: 2 · References: 1

OSV
added 2021/06/11 4:15 a.m. · 2 views

CVE-2021-24035

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files...

9.1 CVSS · 7.3 AI score · 0.01134 EPSS
Exploits: 0 · References: 1

NVD
added 2021/06/11 4:15 a.m. · 17 views

CVE-2021-24035

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files...

9.1 CVSS · 0.01134 EPSS
Exploits: 0 · References: 1

Prion
added 2021/06/11 4:15 a.m. · 15 views

Path traversal

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files...

6.4 CVSS · 8.8 AI score · 0.01134 EPSS
Exploits: 0 · References: 1 · Affected Software: 1