CVE-2018-19127

A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cachetemplate/.tpl.php file...

CVE-2018-19127

A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cachetemplate/.tpl.php file...

Arbitrary File Overwrite

Apache Tomcat Catalina is vulnerable to directory traversal. Lack of validation of WAR file name allows the attacker to create or overwrite arbitrary files using dot dot .. using a WAR filename...

Null pointer dereference

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path...

PT-2019-1440

Name of the Vulnerable Software and Affected Versions OpenSSH versions 7.9 Description The issue is related to the scp client in OpenSSH, which allows a malicious server to bypass intended access restrictions. This can be achieved by manipulating the filename, such as using . or an empty filename...

PT-2019-1442 · Openssh +6 · Openssh +6

Name of the Vulnerable Software and Affected Versions: OpenSSH version 7.9 Description: The issue is related to insufficient access control in the OpenSSH utility, specifically in the refresh progress meter function. This can allow a remote attacker to disclose protected information or execute...

Mozilla: Out-of-bounds write with malicious MAR file

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. Thi...

DEBIAN-CVE-2018-16849

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

PYSEC-2018-92

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

PYSEC-2018-92

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

PT-2018-13771 · Openstack +1 · Openstack-Mistral +1

Name of the Vulnerable Software and Affected Versions: openstack-mistral affected versions not specified Description: A flaw in openstack-mistral allows the disclosure of the presence of arbitrary files within the filesystem of the executor running the action. This is achieved by manipulating the...

Path traversal

MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename...

CVE-2018-8955

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged...

CVE-2018-8955

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged...

CVE-2018-18547

Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dira parameter, or the filename to the list/directory/ URI...

CVE-2018-18548

ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...

Design/Logic Flaw

ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...

PYSEC-2018-107

ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...

PYSEC-2018-107

ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...

Code injection

chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the "/\0" name...