UBUNTU-CVE-2019-20916

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorizedkeys file. This occurs in downloadhttpurl in internal/download.py...

Denial of Service in express-fileupload

Versions of express-fileupload prior to 1.1.6-alpha.6 are vulnerable to Denial of Service. The package causes server responses to be delayed up to 30s in internal testing if the request contains a large filename of . characters. Recommendation Upgrade to version 1.1.6-alpha.6 or later...

CVE-2020-25104

eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension...

GHSA-WM7Q-RXCH-43MX Byass due to validation before canonicalization in serve

Versions of serve before 6.5.2 are vulnerable to the bypass of the ignore functionality. The bypass is possible because validation happens before canonicalization of paths and filenames. Example: Here we have a server that ignores the file test.txt. const serve = require'serve' const server =...

Advantech iView NetworkServlet findUpdateDeviceListExport Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the findUpdateDeviceListExport method of the NetworkServlet...

CVE-2020-19890

DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $GET'file' is filename,and as there is no filter function for security, you can read any file's content...

CVE-2020-23574

When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfilename1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash...

Researchers Exploited A Bug in Emotet to Stop the Spread of Malware

Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months. "Most of the vulnerabilities and exploits th...

UBUNTU-CVE-2020-17448

Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension...

CVE-2020-17448

Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension...

Denial Of Service (DoS)

libvncserver is vulnerable to denial of service DoS. The vulnerability exists as libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename...

Debian DLA-2306-1 : libphp-phpmailer security update

It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The Content-Type and Content-Disposition headers could have permitted file attachments that bypassed attachment filters which match on filename extensions. F...

(0Day) IBM Informix bts_tracefile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of IBM Informix. Authentication is required to exploit this vulnerability. The specific flaw exists within the btstracefile function. When parsing the trace filename, the process does not properly...

Crlf injection

In Fiber before version 1.12.6, the filename that is given in c.Attachment https://docs.gofiber.io/ctxattachment is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the...

CVE-2020-15111

CVE-2020-15111 affects Fiber prior to 1.12.6. The filename passed to c.Attachment() is not escaped, enabling a CRLF injection when a user-supplied filename is used. This can allow an attacker to alter the downloaded filename, redirect to another site, or modify the HTTP headers (e.g., Authorizati...

CVE-2020-15009

AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2UpgradeTool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 UX450FDX, UX550GDX and UX550GEX could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with ...

VulnCheck KEV: CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...

HelloWeb 2.0 - Arbitrary File Download

Exploit Title: HelloWeb 2.0 - Arbitrary File Download Date: 2020-07-09 Vendor Homepage: https://helloweb.co.kr/ Version: 2.0 Latest and previous versions Exploit Author: bRpsd Contact Author: cyatlive.no Google Dork: inurl:exec/file/download.asp Type: WebApps / ASP...

SUSE-SU-2020:1661-2 Security update for php7

This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads bsc1171999...

CVE-2020-15415

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472...