Andrea ST Filters Service Code Issues and Vulnerabilities
Andrea ST Filters Service is an audio enhancement driver component developed by Andrea Corporation in the United States. Version 1.0.64.7 of Andrea ST Filters Service contains a code vulnerability. This vulnerability stems from the service path in the Windows service configuration that lacks...
PT-2025-53453
Name of the Vulnerable Software and Affected Versions: Eaton UPS Companion (affected versions not specified). Description: A flaw exists in the Eaton UPS Companion software installer related to improper handling of quotation marks in search paths. This could allow an attacker with file system access t...
EUVD-2009-5000
Malware in sbrugna...
CVE-2009-5043
burn allows file names to escape via mishandled quotation marks...
Advisory ROSA-SA-2024-2488
Software: less 458 OS: rosa-server79 packageevrstring: less-458-10.res7 CVE-ID: CVE-2024-32487 BDU-ID: 2024-03717 CVE-Crit: HIGH CVE-DESC.: A vulnerability in Less, a text terminal utility for UNIX-like systems, is related to incorrect handling of quotation marks in the filename.c file. Exploitation of...
ROS-20240516-01
A vulnerability in Less, a text terminal utility for UNIX-like systems, is related to incorrect processing of quotation marks in the filename.c file. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...
CVE-2023-36479
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...
Event Booking Calendar 4.0 Cross Site Scripting Vulnerability
Title: Event Booking Calendar-4.0 XSS-Reflected Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/event-booking-calendar/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The value of the index reque...
SQL injection
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...
Senayan Library Management System 9.0.0 Cross Site Scripting
Title: Senayan Library Management System v9.0.0 a.k.a SLIMS 9 Multiple XSS-Reflected vulnerabilities Author: nu11secur1ty Date: 12.09.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/download/v9.0.0/slims9bulian-9.0.0.zip Reference:...
Open-Xchange: XSS - Notes - Attribute injection through overlapping tags
The Notes app uses simple markup language to format the content, which is later converted to HTML for display. javascript // frontend/ui/apps/io.ox/notes/parser.js parsePlainText: function text var lines = .escapetext.split/\n/, openList; ... var html = lines.join'' .replace/!\.?/g, ''...
Information disclosure
burn allows file names to escape via mishandled quotation marks...
CVE-2009-5043
Technical details for CVE-2009-5043 are not publicly available in the provided connected documents. No affected products, versions, or remediation are specified here; monitor for updated advisories.
CVE-2009-5043
Removed by vendor...
Fedora 30 : filezilla / libfilezilla (2019-7b9af09b17)
Bugfixes, and a security fix: Fixed vulnerabilities : Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. Note that Tenable Network Security has...
WordPress < 4.1.2 stored XSS analysis and stability of the POC
This WordPress XSS is actually very easy to use; anonymous users can post and trigger it. This gives a simple analysis of the stability of the trigger of the POC. In fact, the vulnerability of the author in the article xss-vulnerability-4-1-2/"...