8766 matches found
CVE-2016-7168
Cross-site scripting XSS vulnerability in the mediahandleupload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename...
CVE-2016-7168
Cross-site scripting XSS vulnerability in the mediahandleupload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename...
CVE-2016-7168
Cross-site scripting XSS vulnerability in the mediahandleupload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case...
CVE-2016-10083
Cross-site scripting XSS vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case...
CVE-2016-10083
Cross-site scripting XSS vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case...
shopify-scripts: Double free of filename after codegen error
The following program causes a double free of irep-filename after a codgen error is triggered. I've poked at it a bit and it doesn't seem exploitable because the second free happens near the end of the program and there don't appear to be any overflows or useful heap control available. However, I...
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
/ ;author: Filippo "zinzloun" Bersani ;date: 16/12/2016 ;version: 1.0 ;X86 Assembly/NASM Syntax ;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit ; Linux ubuntu 3.13.0-100-generic 147precise1-Ubuntu 32bit ; Linux bb32 4.4.0-45-generic 32bit ;72 bytes ;description: executes arbitrary command...
Cross-site Scripting (XSS)
Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Cross-site Scripting by letting the attacker under certain conditions control and override the filename option causing it to render the value as is, without escaping it. You can read more...
wget: Lack of filename checking allows arbitrary file upload via FTP redirect
It was found that wget used a file name provided by the server for the downloaded file when following a HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client...
Print Job Requested - Filename Detection
Binary data 9662.prm...
ownCloud Multiple Vulnerabilities (Sep 2016) - Linux
ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; ifdescription...
DEBIAN-CVE-2016-6250
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service application crash or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow...
ALPINE-CVE-2016-6250
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service application crash or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow...
CVE-2016-6250
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service application crash or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow...
CVE-2016-6250
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service application crash or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow...
UBUNTU-CVE-2016-6250
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service application crash or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow...
WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
...
Instacart: Reflected File Download on recipe list search
Hi guys, Right now I'm searching for JSON issues on your API so I started to go deep into the XHR requests. When I noticed the following request:...
Fortinet FortiAnalyzer Cross-Site Scripting Vulnerability
Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The solution is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...