Lucene search
+L

7 matches found

attackerkb
attackerkb
added 2026/04/27 3:11 p.m.2 views

CVE-2026-41467

ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName function fails to restrict HTML and HTM file uploads. Authenticated attackers can upload HTML files containing arbitrary JavaScript through the...

5.4CVSS5.1AI score0.00181EPSS
Exploits0References5Affected Software1
redhatcve
redhatcve
added 2025/02/14 5:23 a.m.11 views

CVE-2024-36079

An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with ...

6.5CVSS6.7AI score0.00589EPSS
Exploits0References3
nvd
nvd
added 2019/12/05 3:15 p.m.18 views

CVE-2019-18180

Improper Check for filenames with overly long extensions in PostMaster sending in email or uploading files e.g. attaching files to mails of OTRS Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: OTRS Community Edition 5.0.x version 5.0.38...

7.5CVSS6.3AI score0.0192EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2019/12/05 3:15 p.m.30 views

CVE-2019-18180

Improper Check for filenames with overly long extensions in PostMaster sending in email or uploading files e.g. attaching files to mails of OTRS Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: OTRS Community Edition 5.0.x version 5.0.38...

7.5CVSS6.3AI score0.0192EPSS
Exploits0References2
cve
cve
added 2019/12/05 2:54 p.m.178 views

CVE-2019-18180

Summary of CVE-2019-18180 : An improper check for filenames with overly long extensions in OTRS Community Edition (PostMaster and file uploads) could trigger an endless loop. Affected: OTRS AG/Community Edition 5.0.x (≤5.0.38), 6.0.x (≤6.0.23), and 7.0.x (≤7.0.12). Consequence: potential denial o...

7.5CVSS6.3AI score0.0192EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2017/12/06 3:29 a.m.20 views

CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

9.8CVSS8.5AI score0.03362EPSS
Exploits0References5
nvd
nvd
added 2004/12/31 5:0 a.m.9 views

CVE-2004-1408

The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files...

7.5CVSS7.4AI score0.01532EPSS
Exploits0References3
Rows per page
Query Builder