USN-4359-2 apt vulnerability

USN-4359-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted...

GHSA-F7HX-FQXW-RVVJ Insufficient output escaping of attachment names in PHPMailer

Impact CWE-116: Incorrect output escaping. An attachment added like this note the double quote within the attachment name, which is entirely valid: $mail-addAttachment'/tmp/attachment.tmp', 'filename.html";.jpg'; Will result in a message containing these headers: Content-Type:...

PHP Input Validation Error Vulnerability (CNVD-2020-33148)

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. The language is mainly used for Web development, supports a variety of databases and operating systems. An...

USN-4359-1 apt vulnerability

It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash...

CVE-2020-2003

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8....

CVE-2020-2008

An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affect...

CVE-2020-2003

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8....

Xxe

An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in...

OS Command Injection

newsbeuter is vulnerable to OS Command Injection. Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a...

CVE-2019-18867

Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/...

MTN Group: XMLRPC, Enabling XPSA and Bruteforce and DOS + A file disclosing installer-logs.

Summary: XMLRPC+Installerlogs+BackupFilename+Adminusername+disclosure Steps To Reproduce: 1. I was able to successfully exploit XMLRPC with the traditional method, the brute-force was done the username was there in the Installer Logs 2. path to XMLRPC is http://13.92.255.102/xmlrpc.php + the...

Directory traversal

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

Gigamon GigaVUE Code Issue Vulnerability

Gigamon GigaVUE is a set of network monitoring solutions from Gigamon, USA. The product supports features such as network traffic monitoring and sensitive data obfuscation. A security vulnerability exists in the upload function of Gigamon GigaVUE version 5.5.01.11. A remote attacker can exploit t...

Gigamon GigaVUE Path Traversal Vulnerability

Gigamon GigaVUE is a set of network monitoring solutions from Gigamon, USA. The product supports features such as network traffic monitoring and sensitive data obfuscation. A path traversal vulnerability exists in the upload function in Gigamon GigaVUE version 5.5.01.11. An attacker can exploit...

CVE-2020-12251

An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value in the POST method from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the...

CVE-2020-12251

An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value in the POST method from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the...

Remote code execution

An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter...

Playable 9.18 Script Insertion / Arbitrary File Upload

Document Title: =============== Playable v9.18 iOS - Multiple Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2198 Release Date: ============= 2020-04-16 Vulnerability Laboratory ID VL-ID: ==================================== 2198...

CVE-2019-14021

Possible buffer overrun when processing EFS filename and payload sent over diag interface due to lack of check for filename length and payload size received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in...

Buffer overflow

Possible buffer overrun when processing EFS filename and payload sent over diag interface due to lack of check for filename length and payload size received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in...