Lucene search
K

6 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.5 views

SUSE CVE-2013-4474

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service crash via format string specifiers in a destination filename...

5CVSS6.8AI score0.10483EPSS
Exploits0References3
OSV
OSV
added 2022/10/03 2:15 p.m.3 views

CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server...

5.3CVSS5.9AI score
Exploits0References1
OSV
OSV
added 2022/10/03 2:15 p.m.5 views

UBUNTU-CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server...

5.3CVSS5.9AI score0.06199EPSS
Exploits2References3
Prion
Prion
added 2013/11/23 11:55 a.m.20 views

Format string

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service crash via format string specifiers in a destination filename...

5CVSS6.9AI score0.10483EPSS
Exploits0References8Affected Software2
RedHat Linux
RedHat Linux
added 2010/08/02 8:20 p.m.3 views

lftp: multiple HTTP client download filename vulnerability [OCERT 2010-001]

The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...

7.5CVSS6.2AI score0.03629EPSS
Exploits0References4
NVD
NVD
added 2008/06/04 8:32 p.m.27 views

CVE-2007-5608

The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second...

9.3CVSS6.5AI score0.0359EPSS
Exploits1References9
Rows per page
Query Builder