39 matches found
CVE-2020-7563
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted...
EUVD-2020-28689
Malware in sbrugna...
EUVD-2020-28687
Malware in sbrugna...
EUVD-2020-28688
Malware in sbrugna...
EUVD-2024-39427
Malicious code in bioql PyPI...
CVE-2025-57633
A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...
CVE-2020-7562
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file ...
CVE-2024-42059
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50W series firmware versions from V5.00 through V5.38, and USG20W-VPN series firmware versions from V5.00...
GHSA-3CQW-PXGR-JHRM TYPO3 Backend Command Injection via Shell Metacharacters in Uploaded File Name
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename...
Infoscience Logstorage and Infoscience ELC Analytics Operating System Command Injection Vulnerability
Infoscience Logstorage and Infoscience ELC Analytics are both products of Infoscience Japan. Infoscience Logstorage is an integrated log management tool. The device collects logs from all company information systems for integrated management. Infoscience ELC Analytics is a server log management too...
Buffer overflow
A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution o...
[SECURITY] Fedora 32 Update: mingw-curl-7.71.1-1.fc32
cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, F...
PT-2020-6830
Name of the Vulnerable Software and Affected Versions: Modicon M340 (affected versions not specified), Modicon Quantum (affected versions not specified), Modicon Premium Legacy (affected versions not specified). Description: A CWE-125: Out-of-Bounds Read issue exists in the Web Server of the affected device...
CVE-2017-6100
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP...
Iris ID IrisAccess iCAM4000/iCAM7000 Hardcoded Credentials Remote Shell Access
Summary The 4th generation IrisAccess™ 7000 series iris recognition solution offered by Iris ID provides fast, secure, and highly accurate, non-contact identification by the iris of the eye. The iCAM7000's versatility and flexibility allows for easy integration with many Wiegand and network based...
[SECURITY] Fedora 22 Update: mingw-curl-7.47.0-1.fc22
cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, F...
[SECURITY] Fedora 21 Update: mingw-curl-7.42.0-1.fc21
cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, F...
Vimeo: ftp upload of video allows naming that is not sanitized as the manual naming
I have uploaded via ftp Vimeo Pro account a filename """.mp4. And as you can see in the screenshot it is put automatically as the name of the video. But I cannot put this name """.mp4 manually. So I think it needs the same sanitization of the name as it's done after the manual editing. Even if the...