8766 matches found

Prion
added 2017/07/12 4:29 p.m., 13 views

Stack overflow

unrarlib.c in unrar-free 0.0.1, when DEBUGLOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename...

CVSS 6.8, AI score 8.3, EPSS 0.01019
Exploits 0, References 1, Affected Software 1
OSV
added 2017/07/12 4:29 p.m., 1 views

DEBIAN-CVE-2017-11190

unrarlib.c in unrar-free 0.0.1, when DEBUGLOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename...

CVSS 7.8, AI score 7.9, EPSS 0.01019
Exploits 0, References 1
NVD
added 2017/07/12 4:29 p.m., 9 views

CVE-2017-11190

unrarlib.c in unrar-free 0.0.1, when DEBUGLOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename...

CVSS 7.8, AI score 8.4, EPSS 0.01019
Exploits 0, References 1
Debian CVE
added 2017/07/12 4:0 p.m., 20 views

CVE-2017-11190

unrarlib.c in unrar-free 0.0.1, when DEBUGLOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename...

CVSS 7.8, AI score 8.3, EPSS 0.01019
Exploits 0
OSV
added 2017/07/06 2:29 p.m., 2 views

CVE-2017-10975

Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despit...

CVSS 6.1, AI score 5.9
Exploits 0, References 1
Prion
added 2017/07/06 2:29 p.m., 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despit...

CVSS 4.3, AI score 5.8, EPSS 0.00766
Exploits 1, References 1, Affected Software 1
NVD
added 2017/07/06 2:29 p.m., 12 views

CVE-2017-10975

Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despit...

CVSS 6.1, AI score 5.9, EPSS 0.00766
Exploits 1, References 1
Cvelist
added 2017/07/06 2:0 p.m., 14 views

CVE-2017-10975

Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despit...

AI score 5.9, EPSS 0.00766
Exploits 1, References 1
CNVD
added 2017/07/04 12:0 a.m., 1 views

Synology Photo Station Cross-Site Scripting Vulnerability

Synology Photo Station is a solution for sharing pictures, videos and blogs over the Internet from Synology, a Chinese company. A cross-site scripting vulnerability exists in Synology Photo Station. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via...

CVSS 5.4, AI score 6, EPSS 0.00886
Exploits 0, References 1
Prion
added 2017/06/29 8:29 a.m., 14 views

Heap overflow

Heap-based Buffer Overflow in the dedotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename...

CVSS 6.8, AI score 7.9, EPSS 0.01525
Exploits 0, References 3
NVD
added 2017/06/29 8:29 a.m., 18 views

CVE-2017-10671

Heap-based Buffer Overflow in the dedotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename...

CVSS 7.8, AI score 8, EPSS 0.01525
Exploits 0, References 3
Mageia
added 2017/06/28 10:1 a.m., 28 views

Updated weechat packages fix security vulnerability

It was discovered that weechat is prone to a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC (CVE-2017-8073)...

CVSS 7.5, AI score 3.7, EPSS 0.03107
Exploits 0, References 2
Prion
added 2017/06/28 6:29 a.m., 25 views

Code injection

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...

CVSS 5, AI score 6.9, EPSS 0.16437
Exploits 5, References 5, Affected Software 2
OSV
added 2017/06/28 6:29 a.m., 1 views

UBUNTU-CVE-2017-9993

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...

CVSS 7.5, AI score 7.2, EPSS 0.16437
Exploits 5, References 4
OSV
added 2017/06/28 6:29 a.m., 2 views

DEBIAN-CVE-2017-9993

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...

CVSS 7.5, AI score 6.9, EPSS 0.16437
Exploits 5, References 1
Debian CVE
added 2017/06/28 6:0 a.m., 21 views

CVE-2017-9993

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...

CVSS 7.5, AI score 7.6, EPSS 0.16437
Exploits 5
CNVD
added 2017/06/28 12:0 a.m., 3 views

FFmpeg Arbitrary File Read Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg because the program fails to properly restrict HTTP Live Streaming filename extensions and demuxer names. The vulnerability can be exploited to rea...

CVSS 7.5, AI score 6.8, EPSS 0.16437
Exploits 5, References 1
CNVD
added 2017/05/24 12:0 a.m., 1 views

WordPress Newsletter Supsystic Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Newsletter Supsystic version 1.1.7 due to an error...

AI score 6
Exploits 0, References 1
OSV
added 2017/05/23 4:29 a.m., 2 views

CVE-2017-8915

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694...

CVSS 7.5, AI score 5.8, EPSS 0.02559
Exploits 0, References 3
NVD
added 2017/05/23 4:29 a.m., 15 views

CVE-2015-5468

Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php...

CVSS 7.5, AI score 7.5, EPSS 0.24093
Exploits 2, References 4