8767 matches found

CNVD
added 2019/09/18 12:0 a.m., 3 views

OpenEMR Path Traversal Vulnerability

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A path traversal vulnerability exists in the 'fileName' parameter of the...

8.8 CVSS, 7 AI score, 0.66891 EPSS
Exploits 11, References 1

OSV
added 2019/09/17 3:15 p.m., 3 views

CVE-2016-10977

The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal...

6.5 CVSS, 5.8 AI score, 0.02195 EPSS
Exploits 1, References 3

Cvelist
added 2019/09/14 5:1 p.m., 33 views

CVE-2019-16318

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317...

8.6 AI score, 0.01399 EPSS
Exploits 0, References 2

OSV
added 2019/09/09 2:15 a.m., 1 view

CVE-2019-16123

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...

7.5 CVSS, 7.1 AI score, 0.16484 EPSS
Exploits 1, References 2

CVE
added 2019/09/09 1:0 a.m., 139 views

CVE-2019-16123

PilusCart <=1.4.1 is affected by a Local File Inclusion in catalog.php due to mis-handling of the filename parameter, allowing disclosure of sensitive files via path traversal (../). The issue is documented in multiple sources (NVD entry CVE-2019-16123; Nuclei template: PilusCart =1.4.2 or app...

7.5 CVSS, 7.4 AI score, 0.16484 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2019/09/09 1:0 a.m., 20 views

CVE-2019-16123

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...

7.5 AI score, 0.16484 EPSS
Exploits 1, References 2

Prion
added 2019/09/06 7:15 p.m., 21 views

Design/Logic Flaw

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...

7.5 CVSS, 9.4 AI score, 0.02646 EPSS
Exploits 0, References 3, Affected Software 2

Packet Storm
added 2019/08/30 12:0 a.m., 282 views

GGPowerShell / Windows PowerShell Remote Command Execution

from base64 import b64encode from base64 import b64decode from socket import import argparse,sys,socket,struct,re GGPowerShell Microsoft Windows PowerShell - Unsantized Filename RCE Dirty File Creat0r. Original advisory:...

0.4 AI score
Exploits 0

Exploit DB
added 2019/08/29 12:0 a.m., 197 views

PilusCart 1.4.1 - Local File Disclosure

Exploit Title: PilusCart = 1.4.1 - Local File Disclosure Date: 29 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://sourceforge.net/projects/pilus/ Version: = 1.4.1 Tested on: Ubuntu 18.04.1 The e-commerce software 'PilusCart' is not validating the...

7.4 AI score
Exploits 0

RubySec
added 2019/08/29 12:0 a.m., 18 views

OS Command Injection in Rake

There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...

6.9 CVSS, 2.5 AI score, 0.01415 EPSS
Exploits 1, References 1, Affected Software 1

Veracode
added 2019/08/26 3:16 a.m., 13 views

Open Redirection

HTTPie is vulnerable to open redirection. An attacker is able to redirect a request to an arbitrary URL due to the way an output filename is generated when --download without --output results in a redirect...

8.8 CVSS, 1.2 AI score, 0.02028 EPSS
Exploits 1, References 5, Affected Software 1

OSV
added 2019/08/21 7:15 p.m., 13 views

CVE-2019-15074

The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the...

9.6 CVSS, 6.5 AI score
Exploits 0, References 2

Prion
added 2019/08/21 7:15 p.m., 17 views

Cross site scripting

The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the...

6.8 CVSS, 8.3 AI score, 0.02067 EPSS
Exploits 1, References 2, Affected Software 1

CVE
added 2019/08/21 6:23 p.m., 44 views

CVE-2019-15074

CVE-2019-15074 describes a stored XSS in MantisBT (Timeline feature in my_view_page.php) affecting versions up to 2.21.1. The vulnerability occurs when an attacker uploads an attachment with a crafted filename; the injected script is executed for any user who can view the issue when My View Page ...

9.6 CVSS, 8.6 AI score, 0.02067 EPSS
Exploits 1, References 2, Affected Software 1

OSV
added 2019/08/16 4:15 p.m., 24 views

CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This...

9.8 CVSS, 9.6 AI score
Exploits 0, References 8

UbuntuCve
added 2019/08/16 4:15 p.m., 29 views

CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This...

9.8 CVSS, 7.1 AI score, 0.05899 EPSS
Exploits 0, References 3

Positive Technologies
added 2019/08/16 12:0 a.m., 3 views

PT-2019-13988 · Wso2 · Wso2 Api Manager

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.6.0 through the version before WSO2-CARBON-PATCH-4.4.0-4457 Description: The issue is related to a crafted filename that can cause XSS via the file-upload feature of the event simulator component. Recommendations:...

4.8 CVSS, 3.6 AI score, 0.00631 EPSS
Exploits 0, References 4

Cvelist
added 2019/08/16 12:0 a.m., 35 views

CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This...

9.6 AI score, 0.05899 EPSS
Exploits 0, References 8

NVD
added 2019/08/14 1:15 p.m., 25 views

CVE-2019-15027

The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clearemmcnomediaentry in platform/mt6577/external/meta/emmc/metaclremmc.c...

10 CVSS, 9.6 AI score, 0.03181 EPSS
Exploits 1, References 2

0day.today
added 2019/08/14 12:0 a.m., 29 views

Windows PowerShell - Unsanitized Filename Command Execution Exploit

''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt + ISR: Apparition Security Vendor www.microsoft.com Product Windows PowerShell Windows PowerShell...

0.1 AI score
Exploits 0