4 matches found
PYSEC-2021-428
nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting XSS issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs...
ZendTo Cross-Site Scripting Vulnerability
ZendTo is a completely free web-based system that lets you conveniently send or receive files with no limit on file size and faster speeds. A cross-site scripting vulnerability exists in versions prior to ZendTo 6.06-4 Beta during the display of drop-down menus with file names containing unexpect...
CVE-2014-2720
IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as...
CVE-2014-2720
IZArc 4.1.8 is vulnerable due to a mismatch between ZIP Central Directory data (file name) and the Local File Header used to launch the file. This allows user‑assisted remote attackers to perform file‑extension spoofing that can lead to unintended code execution, demonstrated when a .jpg in the C...