
8767 matches found

Positive Technologies
added 2019/07/09 12:0 a.m. · 3 views

PT-2019-13349 · Owasp · Owasp Modsecurity Core Rule Set

Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set CRS version 3.0.2 Description: An issue was discovered where the use of X.Filename instead of X Filename can bypass some PHP Script Uploads rules. This occurs because PHP automatically transforms dots into...

9.8 CVSS · 7.5 AI score · 0.02542 EPSS
Exploits: 4 · References: 28

OpenVAS
added 2019/07/07 12:0 a.m. · 10 views

Fedora Update for filezilla FEDORA-2019-7b9af09b17

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 · References: 2

OSV
added 2019/07/05 8:15 p.m. · 2 views

CVE-2018-16386

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...

7.5 CVSS · 5.9 AI score
Exploits: 0 · References: 1

NVD
added 2019/07/05 8:15 p.m. · 8 views

CVE-2018-16386

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...

7.5 CVSS · 7.6 AI score · 0.01138 EPSS
Exploits: 0 · References: 1

CVE
added 2019/07/05 7:58 p.m. · 344 views

CVE-2018-16386

SWIFT Alliance Web Platform 7.1.23 is affected. The issue is a log injection vulnerability where PATH_INFO to swp/login/EJBRemoteService/ can lead to arbitrary log filename and injection in error logs (null@java:comp/env/ error messages) as described in CVE-2018-16386 entries. The connected docum...

7.5 CVSS · 7.5 AI score · 0.01138 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2019/06/20 4:15 p.m. · 3 views

CVE-2019-12905

FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01...

6.1 CVSS · 6.3 AI score
Exploits: 0 · References: 3

CNVD
added 2019/06/19 12:0 a.m. · 3 views

Netdata HTTP Header Injection Vulnerability

Netdata is a real-time Linux performance monitoring tool. Netdata 1.10.0 suffers from an HTTP Header injection vulnerability. An attacker can exploit this vulnerability via the api/v1/data filename parameter to perform HTTP Header injection attacks...

6.1 CVSS · 7.3 AI score · 0.01751 EPSS
Exploits: 1 · References: 1

OSV
added 2019/06/18 4:15 p.m. · 2 views

DEBIAN-CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...

6.1 CVSS · 6.7 AI score · 0.01751 EPSS
Exploits: 1 · References: 1

OSV
added 2019/06/18 4:15 p.m. · 2 views

UBUNTU-CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...

6.1 CVSS · 6.8 AI score · 0.01751 EPSS
Exploits: 1 · References: 7

OSV
added 2019/06/11 9:29 p.m. · 1 views

CVE-2019-12143

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WSFTP usernames as well as filenames...

5.3 CVSS · 6 AI score · 0.01991 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2019/06/11 12:0 a.m. · 3 views

PT-2019-12655 · Ipswitch · Ws Ftp Server

Name of the Vulnerable Software and Affected Versions: Progress ipswitch WS FTP Server versions prior to 8.6.1 Description: A Directory Traversal issue was discovered in SSHServerAPI.dll. An attacker can supply a string using special patterns via the SCP protocol to disclose WS FTP usernames as...

5.3 CVSS · 5.2 AI score · 0.01991 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2019/06/07 12:0 a.m. · 3 views

PT-2019-4576 · Moxa · Moxa Awk-3121

Name of the Vulnerable Software and Affected Versions: Moxa AWK-3121 version 1.14 Description: The issue allows an attacker to execute commands on the device due to insufficient argument validation in a command. This can be exploited by a remote attacker to execute arbitrary commands with root...

10 CVSS · 8.8 AI score · 0.05349 EPSS
Exploits: 1 · References: 8

CNVD
added 2019/06/06 12:0 a.m. · 3 views

HPE Intelligent Management Center (IMC) Denial of Service Vulnerability

HPE Intelligent Management Center IMC is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security FCAPS model. A dbman Opcode 10003 'Filename' denial of service vulnerability exists in HPE Intelligent Management Cente...

7.8 CVSS · 6.8 AI score · 0.53971 EPSS
Exploits: 0 · References: 1

OSV
added 2019/06/05 2:29 p.m. · 5 views

CVE-2019-12739

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php nameOfFile and directory parameters...

8.8 CVSS · 7.4 AI score · 0.02555 EPSS
Exploits: 1 · References: 2

Prion
added 2019/06/05 2:29 p.m. · 23 views

Remote code execution

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php nameOfFile and directory parameters...

6.5 CVSS · 8.9 AI score · 0.02555 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2019/06/05 1:57 p.m. · 20 views

CVE-2019-12739

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php nameOfFile and directory parameters...

9 CVSS · 9.4 AI score · 0.02555 EPSS
Exploits: 1 · References: 2

BDU FSTEC
added 2019/06/05 12:0 a.m. · 1 views

Vulnerability of the handler/script in the “download.php” file of the information system development platform: An exploit that allows an attacker to read arbitrary files on the server.

The vulnerability in the handler/download.php script of the information system development platform exists due to insufficient checking of the POST parameter filename. Exploiting this vulnerability allows a malicious actor to read the contents of arbitrary files on the server using a specially...

7.8 CVSS · 5.7 AI score
Exploits: 0 · Affected Software: 1

Prion
added 2019/05/24 6:29 p.m. · 9 views

Design/Logic Flaw

serendipitymoveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename...

7.5 CVSS · 8.1 AI score · 0.02346 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2019/05/24 6:29 p.m. · 21 views

CVE-2016-10752

serendipitymoveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename...

9.8 CVSS · 9.8 AI score · 0.02346 EPSS
Exploits: 0 · References: 2

OSV
added 2019/05/24 6:29 p.m. · 19 views

CVE-2016-10752

serendipitymoveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename...

9.8 CVSS · 7.8 AI score
Exploits: 0 · References: 2