UBUNTU-CVE-2014-2886
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...
CVE-2014-2886
Removed by vendor...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE: the vendor disputes th...
PT-2014-7206 · Facebook · Facebook App +1
Name of the Vulnerable Software and Affected Versions: Facebook app version 14.0; Facebook Messenger app version 10.0. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME...
Photorange 1.0 iOS - Local File Inclusion
Document Title: Photorange v1.0 iOS - File Include Web Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1318 ; Release Date: 2014-09-07; Vulnerability Laboratory ID (VL-ID):...
Photorange 1.0 iOS - Local File Inclusion
Document Title: Photorange v1.0 iOS - File Include Web Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1318 ; Release Date: 2014-09-07; Vulnerability Laboratory ID (VL-ID): 1318...
Photorange v1.0 iOS - File Include Web Vulnerability
Document Title: Photorange v1.0 iOS - File Include Web Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1318 ; Release Date: 2014-09-06; Vulnerability Laboratory ID (VL-ID): 1318...
CVE-2014-3910
Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension...
Cloudflare: Apache mod_negotiation filename bruteforcing
Vulnerability description: mod_negotiation is an Apache module responsible for selecting the document that best matches the client's capabilities, from one of several available documents. If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error...
Easy FTP Pro 4.2 iOS - Command Injection Vulnerabilities
No description provided by source. Document Title: Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1291 ; Release Date: 2014-08-06; Vulnerability Laboratory ID (VL-ID):...
TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities
Document Title: TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1284 ; Release Date: 2014-07-30; Vulnerability Laboratory ID (VL-ID): 1284...
Directory traversal
Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename...
CVE-2014-1973
Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename...
MGASA-2014-0289 Updated dpkg packages fixes security vulnerabilities
Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package, leading to the creation of files outside the directory of the source being unpacked (CVE-2014-0471). Multiple vulnerabilities were discovered in dpkg...
Uzbey: IFXSS (image filename XSS) by creating a new Photo Gallery
Hello team! I think I've found a Stored XSS in the Photo Gallery. To reproduce the possible vulnerability we must: 1. Log in to our account. 2. Go to https://staging.uzbey.com/user/other-albums and click on the "add new album" button. 3. Add random values and any image with this name ---...
Qualcomm Eudora 5.0/5.1/6.0 Long Attachment Filename Denial of Service Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/7026/info Eudora may crash when handling messages which contain attachments with excessively long filenames. This condition reportedly occurs when messages with malformed attachment filenames are stored in the user's...
Windows Escalate UAC Protection Bypass
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
Printoxx - Local Buffer Overflow
No description provided by source. Exploit Title: Printoxx Local Buffer Overflow Date: 23 Dec, 2009 Author: sandman, n4mdn4s 4T gmail D0T com Software Link: http://kornelix.squarespace.com/printoxx/, http://kornelix.squarespace.com/storage/downloads/printoxx-2.1.2.tar.gz Version: = 2.1.2 Tested o...
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
No description provided by source. Document Title: iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1240 ; Release Date: 2014-03-31; Vulnerability Laboratory ID (VL-ID)...