8766 matches found
CVE-2017-2550
Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename...
CVE-2017-2550
CVE-2017-2550 affects Easy Joomla Backup v3.2.4 (Joomla plugin). The vulnerability arises when the plugin creates a copy of a backup file in the web root with a poorly secured, easily guessable filename, enabling an attacker to access the copied backup contents. This is described across multiple ...
CVE-2015-5186
Audit before 2.4.4 in Linux does not sanitize escape characters in filenames...
CVE-2015-5705
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename...
DEBIAN-CVE-2015-5186
Audit before 2.4.4 in Linux does not sanitize escape characters in filenames...
CVE-2015-5705
CVE-2015-5705 affects devscripts prior to 2.15.7. The issue allows remote attackers to overwrite arbitrary files via a crafted symlink and filename, due to an argument injection vulnerability in devscripts. Impact is arbitrary file writes; several advisories note fixes in 2.15.7 and later (e.g., ...
CVE-2015-0783
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable...
Axis 2100 Network Camera 2.43 Cross Site Scripting
+ Title: Axis 2100 Network Camera 2.43 - Reflected XSS + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] + Author Company: Henceforth + CVE: CVE-2017-12413 Vendor: =============== https://www.axis.com/ Vulnerability Type: =================== Reflected Cross Site Scripting...
evince: command injection via filename in tar-compressed comics archive
It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program...
Unikrn: Escaping images directory in S3 bucket when saving new avatar, using Path Traversal in filename
Thanks again @sp1d3rs, also for the summary. Nothing to add from our side except maybe for the wish for more reports having this quality. Final comment: nothing from that bucket was ever exposed to any user except the uploader, also nothing in the bucket is there for real archiving purposes. I wa...
Tilde CMS Arbitrary File Upload Vulnerability
Tilde CMS is a web content management system (CMS). A security vulnerability exists in Tilde CMS version 1.0.1. The vulnerability can be exploited to bypass arbitrary file upload restrictions by manipulating the filename.+php file...
CVE-2017-11326
An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation...
CVE-2017-11441
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297...
EMC RSA Authentication Manager Cross-Site Scripting Vulnerability (CNVD-2017-24569)
EMC RSA Authentication Manager is a centralized binary authentication software from EMC. The software centralizes the management of binary authentication, security tokens, methods and users across physical sites. A cross-site scripting vulnerability exists in EMC RSA Authentication Manager 8.2 SP...
Various XSS through a repository or review filename - CVE-2017-9508
Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the name of a repository or review file...
unrar-free 'unrarlib.c' denial of service vulnerability (CNVD-2017-23304)
unrar-free is a decompression program used in Linux. A security vulnerability exists in the unrarlib.c file in unrar-free version 0.0.1. A remote attacker can exploit this vulnerability to cause a denial of service (heap buffer overflow and application crash) via a RAR archive file containing a lon...