13 matches found
EUVD-2024-47777
Malicious code in bioql PyPI...
CVE-2024-7014 Improper multimedia file attachment validation in Telegram for Android app
EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older...
CVE-2024-6740
Openfind's Mail2000 does not properly validate email attachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...
Openfind Mail2000 Cross-Site Scripting Vulnerability
Openfind Mail2000 is a Web-based email system from China's Openfind. A cross-site scripting vulnerability exists in Openfind Mail2000, which originates from not properly validating email attachments, allowing an unauthenticated, remote attacker to inject JavaScript code into the attachments and...
Helpy Cross-Site Scripting Vulnerability
Helpy is an open source customer support application. The program includes features such as a knowledge base, community discussions, and email. A security vulnerability exists in Helpy version 2.8.0, which stems from the application not properly validating attachments sent by customers in work...
PT-2022-14473 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to improper input validation in the Messaging component, allowing files to be attached to messages without proper access checks. This could lead to local escalation of privilege wi...
Machform Cross-Site Scripting Vulnerability
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A stored cross-site scripting vulnerability exists in versions prior to Machform 16. The vulnerability stems from insufficient validation of file attachments...
CVE-2020-1044
A security feature bypass vulnerability exists in SQL Server Reporting Services SSRS when the server improperly validates attachments uploaded to reports. An attacker who successfully exploited this vulnerability could upload file types that were disallowed by an administrator. To exploit the...
SQL Server Reporting Services Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in SQL Server Reporting Services SSRS when the server improperly validates attachments uploaded to reports. An attacker who successfully exploited this vulnerability could upload file types that were disallowed by an administrator. To exploit the...
PT-2020-4081 · Microsoft · Sql Server Reporting Services
Name of the Vulnerable Software and Affected Versions: SQL Server Reporting Services SSRS affected versions not specified Description: A security feature bypass issue exists in SQL Server Reporting Services SSRS due to improper validation of attachments uploaded to reports. This could allow an...
Spoofing
A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft Power BI Report Server Spoofing Vulnerability'...
CVE-2018-8244
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook...
[Full-disclosure] Multiple vulnerabilities within RockLiffe MailSite Express WebMail
Multiple vulnerabilities within RockLiffe MailSite Express WebMail. Also available online at http://www.security-assessment.com/Advisories/RockliffeExpressWebmailVulnerabilities.pdf Vendor Website: ...