CVE-2023-7088 Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Author+ Stored XSS via SVG
The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
SUSE CVE-2023-52169
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 for 7zz contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in...
Cross site scripting in the file manager
Date: 2024-04-09 CVE ID: CVE-2024-28190 Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend. Affected versions: Contao 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, Contao...
PT-2023-9823 · Igor Pavlov +6 · 7-Zip +6
Name of the Vulnerable Software and Affected Versions: 7-Zip versions prior to 24.01 Description: The issue is related to an out-of-bounds read in the NTFS handler of 7-Zip. This allows an attacker to read beyond the intended buffer, with the bytes read presented as part of a filename in the file...
PYSEC-2021-381
Rasa is an open source machine learning framework to automate text- and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model tar.gz file, which allows a malicious actor to craft a model.tar.gz file that can overwrite or replace bot...
DEBIAN-CVE-2020-13936
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache...
Command Injection
Overview: clamscan is a Node.js library used to scan files on your server with ClamAV's clamscan binary or clamdscan daemon. This is especially useful for scanning uploaded files provided by untrusted sources. Affected versions of this package are vulnerable to Command Injection. It is possible to inject...
Apache 2.4.x < 2.4.3 Multiple Vulnerabilities
According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.3. It is, therefore, affected by the following vulnerabilities: - An input validation error exists related to 'mod_negotiation', 'MultiViews' and untrusted uploads that can allow cross-site scripting...
apache22 -- several vulnerabilities
Apache HTTP Server Project reports: low: XSS in mod_negotiation when untrusted uploads are supported (CVE-2012-2687). Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled. low: insecure LD_LIBRARY_PATH handling (CVE-2012-0883). This issue w...
Apache 2.4.1, 2.4.2 Multiple Vulnerabilities
Apache Httpd < 2.2.23 : XSS in mod_negotiation when untrusted uploads are supported
Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled. Note: This issue is also known as CVE-2008-0455...
Apache Httpd < 2.4.3 : XSS in mod_negotiation when untrusted uploads are supported
Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled. Note: This issue is also known as CVE-2008-0455...
Apache Httpd < 2.2.12 : CRLF injection in mod_negotiation when untrusted uploads are supported
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled...