CVE-2019-19497

MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message...

The vulnerability of the Web Time and Expense interface of the integrated enterprise management system Microsoft Dynamics NAV allows a malicious individual to gain unauthorized access to arbitrary reports.

The vulnerability of the Web Time and Expense interface of the integrated enterprise management system Microsoft Dynamics NAV is related to the insecure direct object reference IDOR. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to arbitrar...

VulnCheck KEV: CVE-2013-5912

VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action...

CVE-2019-18331

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specifically crafted packets to 1099/tcp. Please note that an attacke...

Gemalto SafeNet Sentinel LDK License Manager Backlink Vulnerability

SafeNet Sentinel LDK License Manager is a license manager. A backlink vulnerability exists in Gemalto SafeNet Sentinel LDK License Manager. The vulnerability arises from a network system or product that does not properly filter the filenames of links or shortcuts that represent unintended...

DEBIAN-CVE-2019-18180

Improper Check for filenames with overly long extensions in PostMaster sending in email or uploading files e.g. attaching files to mails of OTRS Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: OTRS Community Edition 5.0.x version 5.0.38...

CVE-2019-18180

Improper Check for filenames with overly long extensions in PostMaster sending in email or uploading files e.g. attaching files to mails of OTRS Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: OTRS Community Edition 5.0.x version 5.0.38...

CVE-2019-18180

Improper Check for filenames with overly long extensions in PostMaster sending in email or uploading files e.g. attaching files to mails of OTRS Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: OTRS Community Edition 5.0.x version 5.0.38...

UBUNTU-CVE-2019-18180

Improper Check for filenames with overly long extensions in PostMaster sending in email or uploading files e.g. attaching files to mails of OTRS Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: OTRS Community Edition 5.0.x version 5.0.38...

CVE-2019-18180

Summary of CVE-2019-18180 : An improper check for filenames with overly long extensions in OTRS Community Edition (PostMaster and file uploads) could trigger an endless loop. Affected: OTRS AG/Community Edition 5.0.x (≤5.0.38), 6.0.x (≤6.0.23), and 7.0.x (≤7.0.12). Consequence: potential denial o...

DEBIAN-CVE-2019-19451

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's...

CVE-2019-19451

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's...

CVE-2019-19451

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's...

Parallels Plesk Panel Cross-Site Scripting Vulnerability (CNVD-2020-41525)

Parallels Plesk Panel is a control panel for the Plesk web hosting platform from Parallels USA. A cross-site scripting vulnerability exists in Parallels Plesk Panel version 9.5 in target/locales/tr-TR/help/index.htm? that can be exploited to inject JavaScript via the "fileName" parameter...

CVE-2019-17523

An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp...

Cross site scripting

An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp...

PT-2021-24018 · Roundcube +3 · Roundcube +3

Name of the Vulnerable Software and Affected Versions: Roundcube versions prior to 1.3.17 Roundcube versions 1.4.x prior to 1.4.12 Description: The issue is related to XSS in handling an attachment's filename extension when displaying a MIME type warning message. Recommendations: For versions pri...

openssh: scp client improper directory name validation

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...

SUSE-SU-2019:2890-1 Security update for samba

This update for samba fixes the following issues: - CVE-2019-10218: Client code can return filenames containing path separators bsc1144902...

CVE-2019-16295

Stored XSS in filemanager2.php in CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.885 exists via the cmdarg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim...