Directory traversal
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter...
ASUSTOR AS6202T ADM Directory Traversal Vulnerability
ADM (ASUSTOR Data Manager) is the operating system and user interface for ASUSTOR NAS. A directory traversal vulnerability exists in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3. An attacker can exploit this vulnerability to navigate the file system via the filename parameter...
Pluck Cross-Site Scripting Vulnerability
Pluck is a simple content management system (CMS) written in PHP. A security vulnerability exists in versions prior to Pluck 4.7.6, which stems from the program failing to properly restrict the character set for filenames. A remote attacker can exploit this vulnerability to inject arbitrary web scri...
Open Redirect
hekto is vulnerable to open redirect attacks. The vulnerability exists when the html filename contains the target domain name to be redirected...
CVE-2018-11319
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...
Trend Micro Endpoint Application Control FileDrop Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Endpoint Application Control. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileDrop servlet. When parsing filenames, the process does no...
Path traversal
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal...
Remote Code Execution (RCE)
buttle is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to the lack of sanitization of php filenames, allowing arbitrary code in the filename to be executed when run with the --php-bin option...
Mozilla Firefox Filename Spoofing Vulnerability
Mozilla Firefox is a free and open source browser for Windows, Linux and MacOSX platforms. A filename spoofing vulnerability exists in Mozilla Firefox in the Download panel. A remote user can use Unicode characters to spoof filenames in the Download panel...
UBUNTU-CVE-2018-5182
If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects...
Cross-site Scripting (XSS)
cloudcmd is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the improper sanitization of the filename, which allows arbitrary JavaScript code to be executed when rendered...
PT-2018-1370 · Pdfinfojs · Pdfinfojs
Name of the Vulnerable Software and Affected Versions: pdfinfojs versions = 0.3.6 pdfinfojs versions prior to 0.4.1 Description: The issue is related to a lack of neutralization of special elements in input commands for the pdfinfojs module. This can be exploited by a remote attacker to execute...
DEBIAN-CVE-2018-1079
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...
CVE-2018-9118
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter...
CVE-2018-7659
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file...
FFmpeg Denial of Service Vulnerability (CNVD-2018-08525)
FFmpeg is a set of open source computer programs, released under the LGPL or GPL license, that can be used to record and convert digital audio and video and turn them into streams. A denial of service vulnerability exists in the export function of libavfilter/vfsignature.c in FFmpeg 3.4.2 and earlier versions. A remote attack...
Code injection
The export function in libavfilter/vfsignature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename...
CVE-2018-9841
The export function in libavfilter/vfsignature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename...