21 matches found
FilePress Injection Vulnerability
FilePress is a file-driven website building system developed by zyx0814. It supports cloud storage management and multi-mode file display. FilePress 2.2.0 and earlier contain an injection vulnerability caused by improper handling of the order parameter in the Shares...
CVE-2026-41253
In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...
CVE-2024-52888 Stored-XSS
For an authenticated end-user, the portal may run a script while attempting to display a directory or a file's properties...
PT-2024-29470 · Severalnines · Severalnines Clustercontrol
Name of the Vulnerable Software and Affected Versions: Severalnines ClusterControl 1.9.8 through 1.9.8-9777, 2.0.0 through 2.0.0-9778, and 2.1.0 through 2.1.0-9779. Description: A Directory Traversal issue allows a...
PYSEC-2024-54
CodeChecker is analyzer tooling, a defect database and a viewer extension for the Clang Static Analyzer and Clang-Tidy. Zip files uploaded to the server endpoint by CodeChecker store are not properly sanitized. Using a path traversal attack, an attacker can load and display files on the machine o...
CVE-2021-24825
CVE-2021-24825 affects the WordPress plugin Custom Content Shortcode (versions before 4.0.2). The issue arises because data passed to the load shortcode is not validated, allowing authenticated contributors (v<4.0.1) or admins (v
GHSA-9JQ9-C2CV-PCRJ Cross-site Scripting by SVG upload in xwiki-platform
Impact: When using the default XWiki configuration, an attacker can upload an SVG containing a script that is executed when the download action is invoked on the file. Patches: This problem has been patched so that the default configuration does not allow SVG files to be displayed in the browser...
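The fix the XWiki entry describes is a matter of response headers: an uploaded SVG (or anything else a browser would render as a document) must be delivered as a download, not rendered in the wiki's origin. The following is an added example in Python, not XWiki's code; the header-selection function, the `ACTIVE_TYPES` set and the `looks_like_svg` heuristic are assumptions of this example, and the malicious SVG is constructed here for illustration.

```python
"""Added example, not XWiki's own code: choose response headers for a
user-uploaded attachment so that an SVG (or any other script-bearing type)
is downloaded rather than rendered in the page's origin.
"""
import re
from urllib.parse import quote

# Types that a browser renders as a document and will execute script in.
ACTIVE_TYPES = {
    "image/svg+xml", "text/html", "application/xhtml+xml",
    "text/xml", "application/xml",
}

# Heuristic, assumed here: an <svg ...> tag near the start of the body.
_SVG_TAG = re.compile(rb"<svg[\s/>]", re.IGNORECASE)


def looks_like_svg(body: bytes) -> bool:
    """True if the body opens with an SVG document, whatever its declared type."""
    return _SVG_TAG.search(body[:2048]) is not None


def attachment_headers(filename: str, declared_type: str, body: bytes) -> dict:
    """Headers for serving `body` as the attachment `filename`.

    Active types, and bodies whose content contradicts the declared type, are
    forced to Content-Disposition: attachment; everything else may be inline.
    """
    dtype = declared_type.split(";")[0].strip().lower()
    mismatch = looks_like_svg(body) and dtype != "image/svg+xml"
    active = dtype in ACTIVE_TYPES or mismatch

    # RFC 6266: ASCII fallback plus a percent-encoded UTF-8 form. Replacing
    # everything outside [A-Za-z0-9._-] also removes quotes, CR and LF, so the
    # file name cannot break out of the header value.
    ascii_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "download"
    disposition = "attachment" if active else "inline"
    return {
        # A body that is really SVG but claims another type is served as opaque bytes.
        "Content-Type": "application/octet-stream" if mismatch else dtype,
        "Content-Disposition": (
            f"{disposition}; filename=\"{ascii_name}\"; "
            f"filename*=UTF-8''{quote(filename, safe='')}"
        ),
        # Stop the browser from guessing a more dangerous type than declared.
        "X-Content-Type-Options": "nosniff",
        # Even if something does render inline, it runs in an opaque origin
        # with no script sources allowed.
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


# Constructed sample: the kind of upload the advisory describes, with script
# in an event handler rather than a <script> element.
MALICIOUS_SVG = (
    b'<?xml version="1.0"?>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="fetch(\'/xwiki/bin/get/XWiki/XWikiPreferences\')">'
    b'<circle r="40"/></svg>'
)
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"   # first bytes of a real JPEG

if __name__ == "__main__":
    for name, ctype, body in [
        ("logo.svg", "image/svg+xml", MALICIOUS_SVG),
        ("photo.jpg", "image/jpeg", JPEG_HEAD),
        ("photo.png", "image/png", MALICIOUS_SVG),   # declared type lies
    ]:
        print(name, attachment_headers(name, ctype, body)["Content-Disposition"])
```

The content check matters because a declared MIME type is attacker-controlled on upload: an SVG stored as `photo.png` is still an SVG once a browser sniffs it, which is why `nosniff` and the mismatch path are both present.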
Arch Linux Security Vulnerability
Arch Linux is a lightweight and flexible Linux® distribution from the Arch open source project that tries to keep it simple. Arch Linux suffers from a security vulnerability that allows partial display of files the user has not accessed...
openSUSE Security Update : viewvc (openSUSE-2021-84)
This update for viewvc fixes the following issues:
- update to 1.1.28 (boo#1167974, CVE-2020-5283):
  - security fix: escape subdir lastmod file name (211)
  - fix standalone.py first request failure (195)
  - suppress stack traces with option to show (140)
  - distinguish text/binary/image files by icons (166, ...
CVE-2019-3571
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension...
Description of the cumulative update package for Communicator 2007 R2: January 2012
Describes the Office Communicator 2007 R2 issue that is fixed in the Office Communicator 2007 R2 update package dated January 2012. Summary: This article describes the Microsoft Office Communicator 2007 R2 issue that is fixed in the Office Communicator 2007 R2 update package that is dated...
Allaire ColdFusion Server <= 4.0 - Remote File Display, Deletion, Upload and Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/115/info To display and delete any file on the system, use a URL of the following form: http://www.victim.test/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=C:\the\target\file To upload files to the server, first find out the...
TalentSoft Web+ 4.x Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1102/info Web+ is an e-commerce server designed to run under a webserver, to provide web storefronts. The various scripts that are required to do this are specified to the webpsvr daemon via a 'script' variable passed to...
Medium severity flaw with Ark
I recently discovered that the Ark archiving tool is vulnerable to directory traversal via malformed Zip files. When attempts are made to view files within the malformed Zip file in Ark's default view, the wrong file may be displayed due to incorrect construction of the temporary file name. Whilst this doe...
Ark 2.16 Directory Traversal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20110726 Date: 26th July 2011 Author: Tim Brown URL: / Product: Ark 2.16 Vendor: KDE Risk: Medium Summary The Ark archiving tool is vulnerable to directory traversal via malformed Zip files. When attempts are made...
Bloofox 0.3 (SQL/FD) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ==================================================== Bloofox 0.3 SQL/FD Multiple Remote Vulnerabilities ==================================================== WwW.BugReport.ir AmnPardaz Security Research Team Title:Bloofox CMS Vulnerabilitie...
[SA16420] Dev-PHP NULL Character File Display Weakness
[SA16398] PHP Designer 2005 NULL Character File Display Weakness
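Several of the entries above are the same defect seen from different sides: a file name taken from the request (ColdFusion's `OpenFilePath=C:\...`), from an archive member (the CodeChecker store upload and the Ark Zip traversal), or containing a NUL byte that truncates it in C-based code (the Secunia "NULL character file display" weaknesses). One check covers all three. The following is an added example in Python and is not code from any of those projects; the `confine`/`audit_zip` names are this example's own, and the archive it inspects is constructed inline.

```python
"""Added example, not code from any project listed on this page.

Confines a user-supplied file name or archive member name to a base directory,
rejecting the three patterns the listed file-display bugs depend on:
absolute paths (ColdFusion's OpenFilePath=C:\\...), ../ traversal in archive
members (CodeChecker store uploads, Ark), and embedded NUL bytes that truncate
a name in C-based code (the Secunia "NULL character" weaknesses).
"""
import io
import os
import posixpath
import zipfile


class UnsafePath(ValueError):
    """Raised for any name that must not be opened or written."""


def confine(base_dir: str, user_path: str) -> str:
    """Return the absolute path of user_path inside base_dir, or raise UnsafePath."""
    if not user_path:
        raise UnsafePath("empty path")
    if "\x00" in user_path:
        # A NUL terminates the string in C: "safe.txt\0../../etc/passwd" passes
        # a naive extension check in Python and opens a different file in C.
        raise UnsafePath("NUL byte in path")
    # Treat backslashes as separators so C:\x and ..\x are caught on every OS.
    name = user_path.replace("\\", "/")
    if posixpath.isabs(name) or (len(name) > 1 and name[1] == ":"):
        # Leading "/" or "//server/share", or a drive letter such as "C:".
        raise UnsafePath("absolute path")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, *name.split("/")))
    # realpath() collapses "..", so a name that walks upward now resolves
    # outside base and fails the component-wise prefix test below.
    if os.path.commonpath([base, target]) != base:
        raise UnsafePath("escapes base directory")
    return target


def is_safe(base_dir: str, user_path: str) -> bool:
    """Boolean form of confine() for callers that only need a verdict."""
    try:
        confine(base_dir, user_path)
        return True
    except UnsafePath:
        return False


def audit_zip(data: bytes, dest_dir: str) -> dict:
    """Map every member name to None if it may be extracted into dest_dir,
    otherwise to the reason it was rejected."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            try:
                confine(dest_dir, member)
                verdicts[member] = None
            except UnsafePath as err:
                verdicts[member] = str(err)
    return verdicts


def build_zip(entries: dict) -> bytes:
    """Constructed sample: build an in-memory zip with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, payload in entries.items():
            zf.writestr(member, payload)
    return buf.getvalue()


# Constructed malicious archive: one benign member and three that an
# extractor working from the raw member name would write outside dest_dir.
SAMPLE_ZIP = build_zip({
    "docs/readme.txt": b"harmless",
    "../../etc/cron.d/backdoor": b"* * * * * root /tmp/x",
    "/etc/passwd": b"root::0:0::/:/bin/sh",
    "C:\\Windows\\win.ini": b"[evil]",
})

if __name__ == "__main__":
    for member, verdict in audit_zip(SAMPLE_ZIP, "extract_here").items():
        print(f"{member!r}: {'ok' if verdict is None else 'REJECTED (' + verdict + ')'}")
```

The prefix test uses `os.path.commonpath` rather than `startswith`, so a base of `/srv/files` does not accept `/srv/files2/x`; and both sides go through `realpath`, so a symlink inside the base that points outside it is also caught.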
Groove Virtual Office may not correctly display file names
Overview Groove Virtual Office may not correctly display the names of attached or embedded files. A remote attacker may be able to trick a user into executing arbitrary code. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases,...
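The Groove and WhatsApp Desktop entries are both about the name a client shows for a file differing from the extension that will actually be used. The following is an added example in Python, not code from either product; `analyze_filename`, its warning codes and the extension sets are this example's own assumptions, and the `declared_type` parameter models the sender-supplied MIME type in the WhatsApp case.

```python
"""Added example, not code from Groove or WhatsApp: inspect a file name the
way a client should before displaying it, so that the name shown to the user
cannot hide the extension that will actually be executed.
"""
import mimetypes
import re
import unicodedata
from typing import Optional

# Unicode directional controls: RLO (U+202E) is the classic trick, turning
# "photo\u202egnp.exe" into a name that renders as "photoexe.png".
BIDI_CONTROLS = frozenset("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
EXECUTABLE_EXTS = frozenset({
    "exe", "scr", "com", "pif", "bat", "cmd", "msi", "hta", "js", "jse",
    "vbs", "vbe", "wsf", "ps1", "lnk", "jar",
})
DOCUMENT_EXTS = frozenset({
    "pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "jpeg", "png", "gif",
})


def analyze_filename(name: str, declared_type: Optional[str] = None) -> dict:
    """Return the extension that will really be used, a display-safe name and
    a list of warning codes. declared_type is the MIME type the sender
    claimed, if any (assumed parameter for the WhatsApp-style mismatch)."""
    warnings = []
    if any(c in BIDI_CONTROLS for c in name):
        warnings.append("bidi-override")
    if any(unicodedata.category(c) == "Cf" and c not in BIDI_CONTROLS for c in name):
        warnings.append("invisible-char")          # zero-width space, BOM, ...
    # Padding pushes the real extension out of a truncated display column.
    if re.search(r"[ \u00a0\u2000-\u200a\u3000]{4,}\.[A-Za-z0-9]{1,5}$", name):
        warnings.append("padded-extension")

    stem, dot, ext = name.rpartition(".")
    true_ext = ext.lower() if dot else ""
    if true_ext in EXECUTABLE_EXTS:
        warnings.append("executable-extension")
        if stem.rpartition(".")[2].strip().lower() in DOCUMENT_EXTS:
            warnings.append("double-extension")    # invoice.pdf.exe

    if declared_type:
        # Compare the sender's claimed type with what the real extension implies.
        guessed, _ = mimetypes.guess_type("x." + true_ext if true_ext else "x")
        claimed = declared_type.split(";")[0].strip().lower()
        if guessed and guessed.lower() != claimed:
            warnings.append("type-mismatch")

    # Display form: every format control becomes U+FFFD so the user sees that
    # something was there, and the name reads left to right as stored.
    display = "".join(
        "\ufffd" if unicodedata.category(c) == "Cf" else c for c in name
    )
    return {"true_extension": true_ext, "display": display, "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample names, one per trick.
    for sample in ("photo\u202egnp.exe", "invoice.pdf.exe",
                   "report.pdf                    .scr", "notes.txt"):
        print(analyze_filename(sample))
```

The rule a client should draw from this: decide what to do with a file from `true_extension` (and the real content), and show `display` to the user together with the warnings, never the raw name.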
xloadimage security update
CentOS Errata and Security Advisory CESA-2005:332-01 A new xloadimage package that fixes bugs in handling malformed tiff and pbm/pnm/ppm images, and in handling metacharacters in filenames is now available. This update has been rated as having low security impact by the Red Hat Security Response...