
8766 matches found

NVD
added 2017/03/23 4:59 p.m. | 15 views

CVE-2017-6191

Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename...

7.8 CVSS | 7.9 AI score | 0.06682 EPSS
Exploits 5 | References 3
Cvelist
added 2017/03/23 4:0 p.m. | 15 views

CVE-2017-6191

Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename...

7.9 AI score | 0.06682 EPSS
Exploits 5 | References 3
Prion
added 2017/03/14 10:59 p.m. | 16 views

Design/Logic Flaw

File extension filtering vulnerability in Intel Security McAfee Email Gateway MEG before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension...

4 CVSS | 6.9 AI score | 0.00719 EPSS
Exploits 0 | References 1 | Affected Software 1
0day.today
added 2017/03/13 12:0 a.m. | 19 views

WordPress Chat-Room plugin v0.1.2 directory traversal/arbitrary file write Vulnerabilities

Exploit for php platform in category web applications Exploit Title: WordPress Chat-Room plugin v0.1.2 directory traversal/arbitrary file write Date: 2017-03-08 Exploit Author: malwrforensics Vendor Homepage: https://webdevstudios.com/ Software Link: https://wordpress.org/plugins/chat-room/...

0.2 AI score
Exploits 0
OSV
added 2017/03/09 6:41 p.m. | 2 views

USN-3225-1 libarchive vulnerabilities

It was discovered that libarchive incorrectly handled hardlink entries when extracting archives. A remote attacker could possibly use this issue to overwrite arbitrary files. CVE-2016-5418 Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered that libarchive incorrectly handled...

8.6 CVSS | 7 AI score | 0.06251 EPSS
Exploits 1 | References 8
exploitpack
added 2017/03/08 12:0 a.m. | 30 views

ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting

ASUSWRT RT-AC53 3.0.0.4.380.6038 - Cross-Site Scripting Cross-Site Scripting XSS Component: httpd CVE: CVE-2017-6547 Vulnerability: httpd checks in the function handlerequest if the requested file name is longer than 50 chars. It then responds with a redirection which allows an attacker to inject...

4.3 CVSS | 0.01701 EPSS
Exploits 5
OSV
added 2017/03/07 4:59 p.m. | 1 views

CVE-2016-4949

Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process//logs...

7.5 CVSS | 5.8 AI score | 0.01616 EPSS
Exploits 1 | References 2
Prion
added 2017/03/07 4:59 p.m. | 16 views

Code injection

Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process//logs...

5 CVSS | 6.6 AI score | 0.01616 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2017/03/07 4:0 p.m. | 22 views

CVE-2016-4949

Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process//logs...

7.3 AI score | 0.01616 EPSS
Exploits 1 | References 2
n0where
added 2017/03/03 6:14 a.m. | 15 views

Open Source SIP Sniffer: pcapsipdump

Open Source SIP Sniffer: pcapsipdump is a libpcap-based SIP sniffer with per-call sorting capabilities. It writes SIP/RTP sessions to disk in the same format as “tcpdump -w”, but one file per SIP session, even if there are thousands of concurrent SIP sessions. Each session goes in a separate, fancy-nam...

0.1 AI score
Exploits 0
Hacker One
added 2017/03/03 12:52 a.m. | 10 views

Rockstar Games: full path disclosure on www.rockstargames.com via apache filename brute forcing

In this report, the researcher found that sending a request with an invalid Accept header to http://www.rockstargames.com/index resulted in a full path disclosure to the webroot. This was fixed as a result of the researcher's aid. Please be aware that after this report was resolved, we added "Pat...

6.8 AI score
Exploits 0
0day.today
added 2017/02/28 12:0 a.m. | 36 views

Wordpress Theagency Themes File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress Themes Theagency File Upload Vulnerability Author : Berandal Google Dork: inurl:/wp-content/themes/theagency Tested on: Win 7, Linux Blog : http://www.maxteroit.com/ Video Proof :...

7.1 AI score
Exploits 0
CNVD
added 2017/02/26 12:0 a.m. | 1 views

SQL Injection Vulnerability in the 'filename' parameter of Xinhoo Collaboration Office System

Xinhuo coworking system is an open source, cross-platform office system that supports an app, a PC web version, a PC client and so on. A SQL injection vulnerability exists in the 'filename' parameter of Xinhao Co-working System. It allows attackers to exploit the vulnerability to obtain sensitive database...

7.9 AI score
Exploits 0
NVD
added 2017/02/24 4:59 a.m. | 14 views

CVE-2017-6306

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."...

7.8 CVSS | 7.4 AI score | 0.02111 EPSS
Exploits 0 | References 6
OSV
added 2017/02/24 4:59 a.m. | 15 views

CVE-2017-6306

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."...

7.8 CVSS | 6.5 AI score
Exploits 0 | References 6
OSV
added 2017/02/24 4:59 a.m. | 1 views

DEBIAN-CVE-2017-6306

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."...

7.8 CVSS | 7 AI score | 0.02111 EPSS
Exploits 0 | References 1
Cvelist
added 2017/02/24 4:23 a.m. | 25 views

CVE-2017-6306

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."...

7.5 AI score | 0.02111 EPSS
Exploits 0 | References 6
CVE
added 2017/02/24 4:23 a.m. | 81 views

CVE-2017-6306

The CVE-2017-6306 issue concerns ytnef/libytnef prior to version 1.9.1 with a directory traversal vulnerability in the SanitizeFilename function (settings.c). Connected advisories confirm this CVE is addressed in later releases: Fedora 30 updated ytnef to 1.9.3; Mageia reports updated libytnef pa...

7.8 CVSS | 7.3 AI score | 0.02111 EPSS
Exploits 0 | References 6 | Affected Software 1
Debian CVE
added 2017/02/24 4:23 a.m. | 18 views

CVE-2017-6306

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."...

7.8 CVSS | 7.6 AI score | 0.02111 EPSS
Exploits 0
OSV
added 2017/02/23 12:0 a.m. | 0 views

UBUNTU-CVE-2017-6306

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."...

7.8 CVSS | 7.1 AI score | 0.02111 EPSS
Exploits 0 | References 7