8 matches found
CVE-2021-27888
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters...
(0Day) Microsoft Windows dir Command Improper Character Neutralization Vulnerability
This vulnerability allows remote attackers to display misleading terminal output on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
EUVD-2005-3093
Malware in sbrugna...
NLnet Routinator Security Vulnerability
NLnet Routinator is an RPKI (Resource Public Key Infrastructure) validator from the NLnet team, written in Rust. A security vulnerability exists in NLnet Routinator version 0.14.0 and earlier, which stems from code that initially parses a manifest without checking the contents of the...
jetty: Improper addition of quotation marks to user inputs in CgiServlet
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...
CVE-2021-27888
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters...
Cross site scripting
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters...
USN-4505-1: PHPMailer vulnerability
Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions. CVE-2020-13625...