Debian DSA-4819-1 : kitty - security update

Stephane Chauveau discovered that the graphics protocol implementation in Kitty, a GPU-based terminal emulator, did not sanitise a filename when returning an error message, which could result in the execution of arbitrary shell commands when displaying a file with cat. C Tenable Network Security,...

CVE-2020-35715

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the uploadsettings.cgi page...

Dolibarr Remote Code Execution Vulnerability (CNVD-2020-73750)

Dolibarr ERP/CRM is an open source software/freeware for small and medium-sized businesses, organizations or freelancers. It includes different features such as Enterprise Resource Planning ERP and Customer Relationship Management CRM, as well as applications for other different activities. A...

CVE-2020-35136

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...

CVE-2020-35136

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...

Dolibarr ERP/CRM 参数注入漏洞

Dolibarr ERP/CRM is an open source software/freeware for small and medium-sized businesses, organizations or freelancers. It includes different features such as Enterprise Resource Planning ERP and Customer Relationship Management CRM, as well as applications for other different activities. A...

UBUNTU-CVE-2020-35605

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message...

springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application

A flaw was found in springframework in versions prior to 5.0.16, 5.1.13, and 5.2.3. A reflected file download RFD attack is possible when a "Content-Disposition" header is set in response to where the filename attribute is derived from user supplied input. The highest threat from this vulnerabili...

PT-2020-17111 · Unknown · Car Rental Management System

Name of the Vulnerable Software and Affected Versions: Car Rental Management System version 1.0 Description: An issue was discovered in the Car Rental Management System where an unauthenticated user can perform a file inclusion attack against the "/index.php" file with a partial filename in the...

PT-2020-13067 · Silver Peak · Orchestrator +1

Name of the Vulnerable Software and Affected Versions: Silver Peak Unity ECOSTM ECOS appliance software versions prior to 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0 Description: The configuration backup/restore function in the software directly incorporates the user-controlled conf...

Arbitrary Code Injection

Amendment This was deemed not a vulnerability. Overview ejs is a popular JavaScript templating engine. Affected versions of this package are vulnerable to Arbitrary Code Injection via the render and renderFile. If external input is flowing into the options parameter, an attacker is able run...

MGASA-2020-0453 Updated php-pear packages fix security vulnerabilities

Filename manipulation vulnerabilities CVE-2020-28948 / CVE-2020-28949 Updated also ArchiveTar to 1.4.11...

Updated php-pear packages fix security vulnerabilities

Filename manipulation vulnerabilities CVE-2020-28948 / CVE-2020-28949 Updated also ArchiveTar to 1.4.11...

Arbitrary Code Execution

ncompress is vulnerable to arbitrary code execution. A stack-based buffer overflow in the comprexx function allows remote attackers to execute arbitrary code via a long filename argument...

Authentication Bypass

php-horde-gollem is vulnerable to authentication bypass. The File Manager gollem module allows remote attackers to bypass Horde authentication for file downloads via a malicious fn parameter that corresponds to the exact filename...

USN-4654-1 php-pear vulnerabilities

It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code...

CVE-2020-29381

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename...

Command injection

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename...

Cross site scripting

jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter...

CVE-2020-29133

jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter...