Nagios XI Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Prior to 5.8.0 - Plugins Filename Authenticated Remote Code Exection', 'Description' = %q This module exploits a command injection...

Mozilla: Thunderbird might execute an alternative OTR library

When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious...

VulnCheck KEV: CVE-2018-9118

exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter...

VulnCheck KEV: CVE-2020-23972

In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double...

USN-4902-1 python-django vulnerability

Dennis Brinkrolf discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories...

The vulnerability of the implementation of the GPU-based terminal emulator protocol in GPU Kitty relates to the absence of measures to neutralize special elements. This allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the GPU-based terminal emulator’s protocol implementation is related to the lack of filename cleaning when returning error messages. Exploiting this vulnerability can allow remote attackers to gain access to confidential data, compromise its integrity, and cause service...

Nokia NetAct 18A Filename Change Code Execution Vulnerability

Nokia NetAct 18A is an application system from NOKIA, Finland. It provides best-in-class applications for seamless day-to-day network operations, including configuration management, monitoring and software management. A security vulnerability exists in Nokia NetAct 18A that allows an attacker to...

CVE-2021-26596

An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...

CVE-2021-26596

An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...

OPENSUSE-SU-2021:0473-1 Security update for hawk2

This update for hawk2 fixes the following issues: - Update to version 2.6.3: Remove hawkinvoke and use capture3 instead of runas bsc1179999CVE-2020-35459 Remove unnecessary chmod bsc1182166CVE-2021-25314 Sanitize filename to contains whitelist of alphanumeric bsc1182165 This update was imported...

SUSE-SU-2021:0943-1 Security update for hawk2

This update for hawk2 fixes the following issues: - Update to version 2.6.3: Remove hawkinvoke and use capture3 instead of runas bsc1179999CVE-2020-35459 Remove unnecessary chmod bsc1182166CVE-2021-25314 Sanitize filename to contains whitelist of alphanumeric bsc1182165...

SUSE-SU-2021:0942-1 Security update for hawk2

This update for hawk2 fixes the following issues: - Update to version 2.6.3: Remove hawkinvoke and use capture3 instead of runas bsc1179999CVE-2020-35459 Remove unnecessary chmod bsc1182166CVE-2021-25314 Sanitize filename to contains whitelist of alphanumeric bsc1182165...

SUSE-SU-2021:0941-1 Security update for hawk2

This update for hawk2 fixes the following issues: - Update to version 2.6.3: Remove hawkinvoke and use capture3 instead of runas bsc1179999CVE-2020-35459 Remove unnecessary chmod bsc1182166CVE-2021-25314 Sanitize filename to contains whitelist of alphanumeric bsc1182165...

CVE-2021-25277

FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component...

ExpressionEngine 6.0.2 PHP Code Injection

---------------------------------------------------------------------------- ExpressionEngine security-sanitizefilename$file; 366. 367. $destdir = $this-languagesdir . $language . '/'; 368. $filename = $file . 'lang.php'; 369. $destloc = $destdir . $filename; 370. 371. $str = 'lang-loadfile$file;...

CVE-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...

CVE-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...

CVE-2021-27888

ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters...

Cross site scripting

ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters...

CVE-2021-26567

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options...