8767 matches found
openSUSE Security Update : php7 (openSUSE-2020-80)
This update for php7 fixes the following issues: - CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923). - CVE-2019-11046: Fixed an information leak in bc_shift_addsub (bsc#1159924). - CVE-2019-11047, CVE-2019-11050: Fixed...
Security update for php7 (moderate)
openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2020:0080-1 Rating: moderate References: 1159922 1159923 1159924 1159927 Cross-References: CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 Affected Products: openSUSE Leap 15.1 An update that fixes four...
CVE-2020-5398
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...
UBUNTU-CVE-2020-5398
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...
nginx 0.8.x < 0.8.33 / 0.7.x < 0.7.65 Windows Filename Pseudonyms (CORE-2010-0121)
According to its server response header, the installed version of nginx is 0.7.52 and prior to 0.7.65, or 0.8.x prior to 0.8.33. It is, therefore, affected by a flaw in Windows installations of nginx. This is due to nginx mishandling DOS-compatible 8.3 short filenames. An unauthenticated, remote...
Cross site scripting
The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing...
CVE-2019-15603
The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing...
MGASA-2019-0417 Updated filezilla packages fix security vulnerability
Updated filezilla packages fix bugs and a security vulnerability: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. For other fixes in this update,...
NewStart CGSL CORE 5.05 / MAIN 5.05 : libmspack Multiple Vulnerabilities (NS-SA-2019-0237)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libmspack packages installed that are affected by multiple vulnerabilities: - In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum...
Cross-Site Scripting (XSS)
fileview is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a user's browser via the filename parameter as there was no validation and sanitization on filenames...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php...
CVE-2014-4535
CVE-2014-4535 is a cross-site scripting vulnerability in WordPress Import Legacy Media plugin (versions = 0.1 (or patch) as indicated by the sources. If exploitation details are not provided in a given document, they are not assumed here.
CVE-2014-4544
Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php...
CVE-2014-4539
Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php...
CVE-2014-4544
Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php...
CVE-2014-4539
CVE-2014-4539 : A cross-site scripting (XSS) flaw in the WordPress Movies plugin (versions 0.6 and earlier) exists due to insufficient validation in the filename parameter of getid3/demos/demo.mimeonly.php. This allows remote attackers to inject arbitrary script/HTML, potentially executing code i...
File Inclusion Vulnerability in Huake Network Enterprise Management System
Huake Enterprise Management System is an intelligent website builder based on PHP+MySQL, with only one set of templates, 3 channel models + 1 detail model, and no limits on duration of use or functionality. Huake Network Enterprise Management System has a file inclusion vulnerability, which can...
CVE-2019-19497
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message...
Cross site scripting
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message...