8766 matches found
UBUNTU-CVE-2017-9061
In WordPress before 4.7.5, a cross-site scripting XSS vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename...
DEBIAN-CVE-2017-9061
In WordPress before 4.7.5, a cross-site scripting XSS vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename...
CVE-2017-9061
In WordPress before 4.7.5, a cross-site scripting XSS vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename...
PlaySms Remote Code Execution Vulnerability (CNVD-2017-10383)
PlaySMS is an open source WEB SMS platform. A remote code execution vulnerability exists in PlaySms. The vulnerability stems from poor filtering on the "sendfromfile.php" page, resulting in the construction of malformed filenames to bypass authentication, which can be exploited by an attacker to...
PlaySms 1.4 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: PlaySMS 1.4 Code Execution using $filename and Unrestricted File Upload in sendfromfile.php Date: 14-05-2017 Software Link: https://playsms.org/download/ Version: 1.4 Exploit Author: Touhid M.Shaikh Contact:...
Trend Micro Threat Discovery Appliance Arbitrary Code Execution Vulnerability (CNVD-2017-06836)
The Trend Micro Threat Discovery Appliance TDA is a threat discovery appliance with integrated cloud security technology from Trend Micro. The appliance provides detection of malicious activity at the network layer, threat management services, and threat analysis and reporting. A security...
Simple File Uploader - Arbitrary File Download
Simple File Uploader - Arbitrary File Download Exploit Title: Simple File Uploader - Arbitrary File Download Date: 27/04/2017 Exploit Author: Daniel Godoy Vendor Homepage: https://codecanyon.net/ Software Link:...
CVE-2016-10345
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...
WeeChat 'irc_ctcp_dcc_filename_without_quotes' function buffer overflow vulnerability
WeeChat Wee Enhanced Environment for Chat is an efficient lightweight IRC chat client. A security vulnerability exists in the 'ircctcpdccfilenamewithoutquotes' function in WeeChat versions prior to 1.7.1. A remote attacker can exploit this vulnerability to cause a denial of service crash by sendi...
UBUNTU-CVE-2017-8073
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the ircctcpdccfilenamewithoutquotes function during quote removal, with a buffer overflow...
DEBIAN-CVE-2017-8073
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the ircctcpdccfilenamewithoutquotes function during quote removal, with a buffer overflow...
weechat -- multiple vulnerabilities
Common Vulnerabilities and Exposures: WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the ircctcpdccfilenamewithoutquotes function during quote removal, with a buffer overflow...
CVE-2017-7283
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php...
CVE-2016-10345
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...
UBUNTU-CVE-2016-10345
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...
CVE-2016-10345
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...
CVE-2016-10345
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...
CVE-2016-10345
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...
CVE-2016-10345
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...
libreoffice security update
1:4.3.7.2-2.0.1.1 - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile [email protected] - Build with --with-vendor='Oracle America, Inc.' [email protected] 1:4.3.7.2-2.1 - Resolves: rhbz1435532 CVE-2017-3157 Arbitrary file disclosure in...