2 matches found
CLSA-2026-1779694105 Fix CVE(s): CVE-2026-42307
SECURITY UPDATE: fix shell-injection in netrw via crafted sftp:// and file:// URLs by escaping the tempfile name and restricting the filename-suffix regex to word characters runtime/autoload/netrw.vim, upstream patch 9.2.0383 - debian/patches/CVE-2026-42307.patch: fix shell-injection in netrw via...
CVE-2019-13973
LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the customlogo filename suffix is not restricted, and .php may be used...