DEBIAN-CVE-2017-9061
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename...
UBUNTU-CVE-2017-9061
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename...
WordPress 3.3-4.7.4 - Large File Upload Error XSS
...
DEBIAN-CVE-2017-6314
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file...
we7cms file upload vulnerability
we7cms is a content management system built on ASP.NET. we7cms V3.0 has a file upload vulnerability, mainly caused by information leakage that exposes the background upload service: the upload service does not perform identity verification, and the file format...
Telegram Messenger Offers Large File Sharing up to 1.5GB while you Chat
In spite of all the things smartphones can do, messaging remains one of the most popular activities. Popular messaging apps like WhatsApp, Viber, WeChat support text messages, voice calls, photo & video sharing features, but there is no provision for sharing every file type on these amazing...
Fedora 20 : php-5.5.20-2.fc20 (2014-17229)
18 Dec 2014, PHP 5.5.20. Core: Fixed bug 68091 Some Zend headers lack appropriate extern 'C' blocks. Adam; Fixed bug 68185 'Inconsistent insteadof definition.'- incorrectly triggered. Julien; Fixed bug 68370 'unset$this' can make the program crash. Laruence; Fixed bug 68545 NUL...
CVE-2014-7098
The Fylet Secure Large File Sender (aka com.application.fyletFileSender) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-4792
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files...
Fedora 20 : php-sabre-dav-1.8.9-1.fc20 (2014-3401)
This release fixes a security issue and an issue related to large files in SabreDAV. - XEE issue: Previous SabreDAV versions had a security issue, if running on the following PHP versions: PHP 5.3, older than 5.3.23, PHP 5.4, older than 5.4.13, PHP 5.5 is not affected by this. - Large file suppor...
Fedora 19 : php-sabre-dav-1.8.9-1.fc19 (2014-3405)
This release fixes a security issue and an issue related to large files in SabreDAV. - XEE issue: Previous SabreDAV versions had a security issue, if running on the following PHP versions: PHP 5.3, older than 5.3.23, PHP 5.4, older than 5.4.13, PHP 5.5 is not affected by this. - Large file suppor...
Design/Logic Flaw
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters...
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters...
Integer overflow
Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow...
[slackware-security] slocate
New slocate packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. Here are the details from the Slackware 13.37 ChangeLog: Patched to use lstat64 and -D_LARGEFILE64_SOURCE. Thanks to Mancha+. Patched to fix information leak of filenames in protect...
MikroTik Winbox < 5.17 File Download DoS
According to its self-reported version number, the installation of MikroTik Winbox hosted on the remote web server is affected by a denial of service vulnerability. An unauthenticated, remote attacker may make multiple requests to download a large file, resulting in the service becoming...
Format Factory v2.95 - Buffer Overflow Vulnerabilities
Exploit for windows platform in category local exploits. Title: Format Factory v2.95 - Buffer Overflow Vulnerabilities. Introduction: Format Factory is a multifunctional media converter. Provides functions below ... - All to MP4/3GP/MPG/AVI/WMV/FLV/SWF. - All to...
Patch 3 Release Notes for Veeam Backup & Replication 6.0.0.153
More Recent Version Available: Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version. Challenge: These are the issues resolved by Patch 3 for Veeam Backup version 6.0.0.153. All patches are cumulative so each below fix is contained in this patch...
Debian DSA-2259-1 : fex - authentication bypass
It was discovered that FEX, a web service for transferring very large files, is not properly validating authentication IDs. While the service properly validates existing authentication IDs, an attacker who is not specifying any authentication ID at all can bypass the authentication procedure. The...