Lucene search
K

4 matches found

PyPA
PyPA
added 2021/11/03 6:15 p.m.7 views

PYSEC-2021-428

nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting XSS issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs...

8.7CVSS5.5AI score0.0068EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2021/03/02 12:0 a.m.7 views

ZendTo Cross-Site Scripting Vulnerability

ZendTo is a completely free web-based system that lets you conveniently send or receive files with no limit on file size and faster speeds. A cross-site scripting vulnerability exists in versions prior to ZendTo 6.06-4 Beta during the display of drop-down menus with file names containing unexpect...

6.1CVSS6.1AI score0.00624EPSS
Exploits0References1
NVD
NVD
added 2014/05/27 11:15 a.m.8 views

CVE-2014-2720

IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as...

6.8CVSS7AI score0.02305EPSS
Exploits1References1
CVE
CVE
added 2014/05/27 10:0 a.m.46 views

CVE-2014-2720

IZArc 4.1.8 is vulnerable due to a mismatch between ZIP Central Directory data (file name) and the Local File Header used to launch the file. This allows user‑assisted remote attackers to perform file‑extension spoofing that can lead to unintended code execution, demonstrated when a .jpg in the C...

6.8CVSS7.2AI score0.02305EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder