DRUPAL-CONTRIB-2020-035

The File Example submodule within the Examples project does not properly sanitize certain filenames as described in SA-CORE-2020-012, along with other related vulnerabilities. Therefore, File Example so is being removed from Examples until a version demonstrating file security best practices can...

Examples for Developers - Critical - Remote Code Execution - SA-CONTRIB-2020-035

The File Example submodule within the Examples project does not properly sanitize certain filenames as described in SA-CORE-2020-012, along with other related vulnerabilities. Therefore, File Example so is being removed from Examples until a version demonstrating file security best practices can...

CVE-2020-27359

A cross-site scripting XSS issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a messag...

Cross site scripting

A cross-site scripting XSS issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a messag...

CVE-2020-27993

Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files...

OPENSUSE-SU-2020:1752-1 Recommended update for mailman

This update for mailman to version 2.1.34 fixes the following issues: - The fix for lp1859104 can result in ValueError being thrown on attempts to subscribe to a list. This is fixed and extended to apply REFUSESECONDPENDING to unsubscription as well. lp1878458 - DMARC mitigation no longer misses ...

CM Download Manager < 2.8.0 - Authenticated Cross-Site Scripting

The plugin does not properly validate and sanitise the uploaded filename, which could result in a Cross-Site Scripting issue. PoC Vulnerable page - 'cmdownload/add/' Vulnerable parameter - 'filename' in 'Content-Disposition' Header POST /cmdownload/add/ HTTP/1.1 Host: localhost:8081 User-Agent:...

USN-4585-1 newsbeuter vulnerabilities

It was discovered that Newsbeuter didn't handle the command line input properly. An remote attacker could use it to ran remote code by crafting a special input file. CVE-2017-12904 It was discovered that Newsbeuter didn't handle metacharacters in its filename properly. An remote attacker could us...

MedDream PACS Server 6.8.3.751 Remote Code Execution

!/usr/bin/python Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Authenticated Exploit Author: bzyo Twitter: @bzyo Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Authenticated Date: 2020-10-01 Vulnerable Software:...

MedDream PACS Server 6.8.3.751 - Remote Code Execution (Authenticated)

!/usr/bin/python Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Authenticated Exploit Author: bzyo Twitter: @bzyo Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Authenticated Date: 2020-10-01 Vulnerable Software:...

httpd: <FilesMatch> bypass with a trailing newline in the file name

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...

SUSE-SU-2020:2711-1 Security update for libmspack

This update for libmspack fixes the following issues: Security issues fixed: - CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure bsc1141680. - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal...

Ubuntu 18.04 LTS : PHPMailer vulnerability (USN-4505-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4505-1 advisory. Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted...

USN-4505-1: PHPMailer vulnerability

Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions. CVE-2020-13625...

USN-4505-1 libphp-phpmailer vulnerability

Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions. CVE-2020-13625...

CVE-2020-21732

Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting XSS. An attacker can add JavaScript code to the filename...

PT-2020-15385 · Rukovoditel · Rukovoditel Project Management App

Name of the Vulnerable Software and Affected Versions: Rukovoditel Project Management app version 2.6 Description: The issue allows an attacker to add JavaScript code to the filename, potentially leading to Cross Site Scripting XSS attacks. Recommendations: For version 2.6, update to a newer...

CVE-2020-25248

An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter...

CVE-2020-25247

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter...

CVE-2020-25247

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter...