338 matches found
PT-2018-5238 · Poco +1 · Poco C++ Libraries +1
Name of the Vulnerable Software and Affected Versions: POCO C++ Libraries versions prior to 1.8 Description: The issue concerns a "file path injection vulnerability" in the ZipCommon::isValidPath function, which does not properly restrict the filename value in the ZIP header. This allows attacker...
Cross-site Scripting (XSS)
github.com/koding/koding is vulnerable to cross-site scripting XSS attacks. The vulnerability exists because fileitem.coffee allow injection of arbitrary value into path in filetree...
Path Injection Via Minion Ids
Salt is vulnerable to path injection attacks via minion ids. Salt masters do not properly validate the id of a connecting minion. This can lead to an attacker uploading files to the master in arbitrary locations. In particular, this can be used to bypass the manual validation of new unknown...
CVE-2016-9149
The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a...
[SECURITY] [DSA 3676-1] unadf security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3676-1 [email protected] https://www.debian.org/security/ Luciano Bello September 24, 2016 https://www.debian.org/security/faq -...
Multiple Vulnerabilities in iStArtApp FileXChange
FileeXChange is a handy file manager for iPhone, iPod Touch and iPad. iStArtApp FileXChange suffers from file include, arbitrary file upload, local command, and path injection vulnerabilities. Allows remote attackers to compromise a web application or mobile device with unauthorized requests...
Multiple vulnerabilities in ePhone Disk
EPhone Disk is lightweight file manager to download, organize, deliver, and read files offline. ePhone Disk suffers from File Include, Local Command and Path Injection, and Remote Denial of Service vulnerabilities. Allows remote attackers to compromise web applications or mobile devices with...
The vulnerability of the PHP interpreter, allowing a hacker to modify arbitrary files
The vulnerability of the PharData PHP interpreter relates to deficiencies in pathname restrictions for directories. Exploiting this vulnerability allows an attacker to modify arbitrary files by adding the symbol “..” to the pathname of the ZIP archive during the extractTo operation...
RabbitMQ: /api/... XSS vulnerability
A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the...
netcf: augeas path expression injection via interface name
A denial of service flaw was found in netcf. A specially crafted interface name could cause an application using netcf such as the libvirt daemon to crash...
File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities
Document Title: =============== File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1403 Release Date: ============= 2015-01-15 Vulnerability Laboratory ID VL-ID: ==================================== 1403...
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
No description provided by source. Document Title: =============== Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1165 Release Date: ============= 2013-12-09 Vulnerability Laboratory ID VL-ID:...
Chamilo 1.8.7 / Dokeos 1.8.6 - Remote File Disclosure
No description provided by source. Title: Chamilo 1.8.7 / Dokeos 1.8.6 Remote File Disclosure Date: 2011/01/31 Author: beford Software Link: http://www.dokeos.com/download/dokeos-1.8.6.1.zip http://chamilo.googlecode.com/files/chamilo-1.8.7.1-stable.tar.gz Affected products ================= Doke...
QNAP Turbo NAS TS-1279U-RP Multiple Path Injection
No description provided by source. Exploit Title: QNAP Turbo NAS Multiple Path Injection Date: 2012-09-04 Exploit Author: Andrea Fabrizi Vendor Homepage: http://www.qnap.com/ Version: = 3.7.3 build 20120801 Tested on: QNAP TS-1279U-RP This vulnerability has been discovered on QNAP TS-1279U-RP, bu...
CVE-2014-2856
Cross-site scripting XSS vulnerability in scheduler/client.c in Common Unix Printing System CUPS before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the ispathabsolute function...
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
Document Title: =============== Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1165 Release Date: ============= 2013-12-09 Vulnerability Laboratory ID VL-ID: ==================================...
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
Document Title: =============== Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1165 Release Date: ============= 2013-12-09 Vulnerability Laboratory ID VL-ID: ==================================...
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
Document Title: =============== Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1165 Release Date: ============= 2013-12-09 Vulnerability Laboratory ID VL-ID: ==================================...
Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities
Document Title: =============== Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1152 Release Date: ============= 2013-12-03 Vulnerability Laboratory ID VL-ID: ==================================...
Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities
Exploit for linux platform in category web applications Title: Synology DSM multiple vulnerabilities Version affected: = 4.3-3776 Vendor: Synology Discovered by: Andrea Fabrizi Email: email protected Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched Synology DiskStation Manag...