8766 matches found
CVE-2018-12020
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represen...
PT-2018-2214 · Gnu +5 · Gnupg +5
Name of the Vulnerable Software and Affected Versions: GnuPG versions prior to 2.2.8 Description: The issue is related to the mishandling of the original filename during decryption and verification actions in the mainproc.c component. This allows remote attackers to spoof output sent to other...
UBUNTU-CVE-2018-12020
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represen...
GHSA-3PXP-6963-46R9 Command Injection in pdfinfojs
Versions of pdfinfojs before 0.4.1 are vulnerable to command injection. This is exploitable if an attacker can control the filename parameter that is passed into the pdfinfojs constructor. Recommendation Update to version 0.4.1 or later...
PT-2018-16137 · Node.Js · Angular-Http-Server
Name of the Vulnerable Software and Affected Versions: angular-http-server versions prior to 1.6.0 Description: The angular-http-server node module has a Path Traversal issue due to the lack of validation of the possibleFilename variable, allowing a malicious user to read the content of any file...
Synology Office Cross-Site Scripting Vulnerability
Synology Office is a web-based office software system from Synology. Title Tootip is a component of Synology Office that allows you to create documents and spreadsheets online and import local files. A cross-site scripting vulnerability exists in the Title Tootip component in Synology Office...
CVE-2018-3743
Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server...
PT-2018-16165 · Hekto · Hekto
Name of the Vulnerable Software and Affected Versions: hekto versions prior to 0.2.4 Description: The issue is related to an open redirect when a domain name is used as part of the .html filename on the server. Recommendations: Update to version 0.2.4 or later...
MGASA-2018-0261 Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150. Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154. Mozilla: Use-after-free with SVG animations and text paths CVE-2018-5155. Mozill...
CentOS 7 : thunderbird (CESA-2018:1725)
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
RHEL 6 : thunderbird (RHSA-2018:1726)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:1726 advisory. - Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150 - Mozilla: Use-after-free with SVG animations and clip...
Mozilla: Filename spoofing for external attachments
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
UBUNTU-CVE-2018-5170
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
CVE-2018-11341
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter...
CVE-2018-11345
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is...