Directory traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx...
SecurEnvoy SecurMail Directory Traversal Vulnerability
SecurEnvoy SecurMail is an email application from SecurEnvoy USA. A directory traversal vulnerability exists in SecurEnvoy SecurMail versions prior to 9.2.501. A remote attacker can exploit this vulnerability against the secupload2/upload.aspx file by sending a file with the '...' sequen...
Foxit MobilePDF for iOS Denial of Service Vulnerability
Foxit MobilePDF for iOS is a PDF document reader for iOS-based mobile devices from the Chinese company Foxit Software. A denial of service vulnerability exists in the iOS-based Foxit MobilePDF application prior to version 6.1, which stems from the program's inability to...
Teclib Armadito Security Bypass Vulnerability
Teclib Armadito is an open source anti-virus software package from the Spanish company Teclib. A security vulnerability exists in the armadito-windows-driver/src/communication.c file in Teclib Armadito version 0.12.7.2, which originates when the program replaces unconvertible Unicode with '?'...
Synology Surveillance Station File and Directory Information Disclosure Vulnerability
Synology Surveillance Station is a video management application from Synology, and User Profile is one of the user information storage files. An information disclosure vulnerability exists in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station versions prior to...
Information disclosure
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter...
CVE-2017-16770
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter...
CVE-2017-16813
A denial-of-service issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs when a user uploads a file that includes a hexadecimal Unicode character in the "filename" parameter via Wi-Fi, since the app could fail to parse this...
CVE-2018-7289
An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens...
Design/Logic Flaw
An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens...
CVE-2017-18091
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backu...
CVE-2018-5306
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in...
File upload vulnerability in ShopsN v2.2.5 official front-end AppUploadController.class.php page
The ShopsN mall system, a product of Shanghai Yiso Network Technology Co., Ltd, is an enterprise-class, commercial-standard, full-featured open source full-network online store system that allows free commercial use. ShopsN v2.2.5 official version of the front AppUploadController.class.php page file upload...
File upload vulnerability in the AppUploadController.class.php page in the frontend of ShopsN v2.2.5 official version (CNVD-2018-02969)
The ShopsN mall system, a product of Shanghai Yiso Network Technology Co., Ltd, is an enterprise-class, commercial-standard, full-featured open source full-network online store system that allows free commercial use. ShopsN v2.2.5 official version of the front AppUploadController.class.php page file...
CVE-2017-16604
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
CVE-2017-16597
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of WRQ requests. When parsing the...
CVE-2017-16606
This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th...
CVE-2017-16600
This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...