CVE-2020-37245

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing...

CVE-2020-37245

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing...

CVE-2020-37245

Supsystic Digital Publications 1.6.9 for WordPress is affected by two issues described in the CVE-2020-37245 entry: a path traversal vulnerability in the Folder input field that can expose files outside the web root, and stored cross-site scripting caused by failure to sanitize inputs in publicat...

CVE-2020-37245 WordPress Plugin Supsystic Digital Publications 1.6.9 Path Traversal XSS

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing...

PT-2026-41445

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing...

CVE-2018-25277

PixGPS 1.1.8 contains a buffer overflow vulnerability in the folder path input field that can crash the application via an oversized payload. Attackers can craft a string exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denial of service. The CVSS data ind...

EUVD-2018-21797

PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denia...

EUVD-2019-19977

AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to...

CVE-2020-37028

CVE-2020-37028 relates to Socusoft Photo to Video Converter Professional 8.07, which contains a local buffer overflow in the 'Output Folder' input field. The issue triggers a stack-based buffer overflow when a crafted payload is pasted into the output folder field, potentially enabling arbitrary ...

CVE-2020-37028

Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the output folder field to trigger a stack-based buffer...

Usermin Cross-Site Scripting Vulnerability

Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail and more. A cross-site scripting vulnerability exists in Usermin version 2.001, which originates from a security issue within the filter, forward mail tab, that allows remote...