8766 matches found
Arbitrary file download vulnerability in the fileName parameter of GoodVision video conferencing system
GoodVision Video Conferencing System is a software application for pc platforms in Simplified Chinese language. There is an arbitrary file download vulnerability in the fileName parameter of GoodVision Video Conferencing System. This allows attackers to exploit the vulnerability to obtain sensiti...
Textract Operating System Command Injection Vulnerability
textract is a Python library for extracting text content from various documents. An operating system command injection vulnerability exists in textract. A remote attacker can use this vulnerability to inject operating system commands by calling the process function from a filename...
PT-2017-9768 · Moxa · Moxa Awk-3131A Wireless Access Point
Name of the Vulnerable Software and Affected Versions: Moxa AWK-3131A Wireless Access Point version 1.1 Description: An exploitable null pointer dereference issue exists in the Web Application /forms/web runScript iw filename functionality. This can be triggered by an HTTP POST request with a bla...
Design/Logic Flaw
The allowexecmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function...
CVE-2016-4446
The allowexecstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function...
CVE-2016-4446
The allowexecstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function...
CVE-2016-4444
The allowexecmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function...
CVE-2016-4446
The allowexecstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function...
Code injection
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service process hang via a crafted filename...
CVE-2017-7239
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service process hang via a crafted filename...
CVE-2017-7239
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service process hang via a crafted filename...
CVE-2017-7239
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service process hang via a crafted filename...
CVE-2016-10320
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files...
Authentication flaw
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...
DEBIAN-CVE-2017-5932
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...
CVE-2017-5932
CVE-2017-5932 is a Bash local privilege escalation exploiting the path autocompletion feature. A crafted filename that begins with a double quote and includes a command substitution metacharacter can allow a local user to execute arbitrary code with elevated privileges. The vulnerability affects ...
CVE-2017-5932
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...
Code injection
PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot...
CVE-2017-6191
Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename...
Buffer overflow
Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename...