45 matches found
EUVD-2020-0382
Malware in sbrugna...
CVE-2019-15602
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves...
CVE-2021-43734
CVE-2021-43734 affects kkFileview v4.0.0 and is a Local File Inclusion via a directory traversal that may lead to sensitive file leaks on the host. The Nuclei template details an LFI impact with high severity (CVSSv3.1: 7.5) and indicates remediation by upgrading to v4.0.1 or later. Other sources...
GHSA-GVR4-7XGC-GX3W Cross-Site Scripting in fileview
All versions of fileview are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Consider using...
Cross-Site Scripting in fileview
All versions of fileview are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Consider using...
Cross-Site Scripting
Overview: All versions of fileview are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available...
Fileview Cross-Site Scripting Vulnerability
fileview package is a file viewer. A cross-site scripting vulnerability exists in fileview package version v0.1.6. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
CVE-2019-15602
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves...
CVE-2019-15602
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves...
Cross site scripting
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves...
CVE-2019-15602
The CVE-2019-15602 entry concerns the fileview package v0.1.6, which contains inadequate output encoding/escaping that leads to a stored XSS vulnerability in served files. Multiple connected records corroborate this: all versions of fileview are vulnerable to XSS via unsanitized filenames, allowi...
CVE-2019-15602
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves...
Node.js third-party modules: [fileview] Inadequate Output Encoding and Escaping
I would like to report stored XSS in the fileview module. It allows an attacker to embed malicious JS code in a filename; there was no sanitization performed. Module: module name: fileview, version: 0.1.6, npm page: https://www.npmjs.com/package/fileview. Module Description: File browsers on web. It's easy to...
WinZip <= 10.0.7245 - FileView ActiveX Buffer Overflow Exploit (2)
No description provided by source. prdelka http://blogs.23.nu/prdelka I made a version of my WinZip exploit that utilises the heap spray method with a bindshell for some project or other. You can download a copy here if it's of use to you; note I used a different method courtesy of...
WinZIP <= 10.0.7245 (FileView ActiveX Control) Stack Overflow PoC
No description provided by source. !-- WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability -- prdelka -- HTML HEAD TITLE/TITLE /HEAD BODY SCRIPT LANGUAGE=VBScript !-- Sub WZFILEVIEWOnAfterItemAddItem WZFILEVIEW.FilePattern =...
WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow
No description provided by source. $Id: winzipfileview.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
CVE-2013-0125
Cross-site scripting (XSS) vulnerability in fileview.asp in C2 WebResource allows remote attackers to inject arbitrary web script or HTML via the File parameter...
WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow
The FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61) could allow a remote attacker to execute arbitrary code on the system. The control contains several unsafe methods and is marked safe for scripting and safe for initialization. A remote attacker could exploit this vulnerability to execute...
WinZip <= 10.0.7245 FileView ActiveX Buffer Overflow Exploit v2
No description provided by source. prdelka http://blogs.23.nu/prdelka I made a version of my WinZip exploit that utilises the heap spray method with a bindshell for some project or other. You can download a copy here if it's of use to you; note I used a different method courtesy...
WinZip <= 10.0.7245 FileView ActiveX Buffer Overflow Exploit v2
No description provided by source. prdelka http://blogs.23.nu/prdelka I made a version of my WinZip exploit that utilises the heap spray method with a bindshell for some project or other. You can download a copy here if it's of use to you; note I used a different method courtesy of...