CVE-2021-24035

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files...

Rockwell Automation ISaGRAF 路径遍历漏洞

Rockwell Automation ISaGRAF is an automation software technology for creating integrated automation solutions from Rockwell Automation. It is designed to be scalable and portable and is suitable for developing small controllers and large distributed automation systems. A security vulnerability...

UBUNTU-CVE-2021-29960

Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk...

Mozilla Firefox信息泄露漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An information disclosure vulnerability exists in Mozilla Firefox in version 89 and earlier versions, which stems from the fact that Firefox caches the last filename used to print a file. Firefox...

Mozilla Firefox < 89.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 89.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-23 advisory. - Mozilla developers Christian Holler, Anny Gakhokidze, Alexandru Michis, Gabriele Svelto reported memory safet...

AMSITrigger - The Hunt For Malicious Strings

Hunting for Malicious Strings Usage: AMSI calls xmas tree mode -d, --debug Show Debug Info -m, --maxsiglength=VALUE Maximum signature Length to cater for, default=2048 -c, --chunksize=VALUE Chunk size to send to AMSIScanBuffer, default=4096 -h, -?, --help Show Help " -i, --inputfile=VALUE...

Directory traversal

A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the 1 folder, 2 filename, and 3 newfilename variables in app\edit\filerename.php...

libvncserver: buffer overflow in ConnectClientToUnixSock()

libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename...

OS Command Injection in pulverizr

pulverizr through 0.7.0 allows execution of arbitrary commands. Within lib/job.js, the variable filename can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...

GHSA-FMF5-J5J9-99PP OS Command Injection in pulverizr

pulverizr through 0.7.0 allows execution of arbitrary commands. Within lib/job.js, the variable filename can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...

USN-4932-1 python-django vulnerability

It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories...

libpano13 -- arbitrary memory access through format string vulnerability

libpano13 developers reports: Fix crash and security issue caused by malformed filename prefix...

CVE-2021-31865

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments...

GHSA-75C5-F4GW-38R9 Multiple vulnerabilities through filename manipulation in Archive_Tar

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed. See: https://github.com/pear/ArchiveTar/issues/33...

Multiple vulnerabilities through filename manipulation in Archive_Tar

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed. See: https://github.com/pear/ArchiveTar/issues/33...

GHSA-5CHJ-XPRR-7QQX Cross-site Scripting in GwtUpload

The file-upload feature in GwtUpload 1.0.3 allows XSS via a crafted filename...

UBUNTU-CVE-2021-29949

When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious...

360 Antivirus has a logic flaw vulnerability

360 Antivirus is a free cloud-based security antivirus program. 360 Antivirus has a logic flaw vulnerability. When the sum of the length of the file directory and the length of the virus filename is not less than 260 characters, an attacker can exploit the vulnerability by padding the middle of t...

GHSA-3C67-GC48-983W Path Traversal in Ansible

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

CVE-2021-26075

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...