fileconvert's Issues
A new vulnerability was discovered: CVE-2021-21080
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/211865
A new vulnerability was discovered: debricked-149654
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207703
A new vulnerability was discovered: CVE-2017-3103
Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/91927
A new vulnerability was discovered: CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/174036
A new vulnerability was discovered: CVE-2021-21079
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/211864
A new vulnerability was discovered: CVE-2018-4994
Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/106716
A new vulnerability was discovered: CVE-2020-26291
URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (\) character followed by an at (@) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior. For example the URL https://expected-example.com\@observed-example.com will incorrectly return observed-example.com if using an affected version. Patched versions correctly return expected-example.com. Patched versions match the behavior of other parsers which implement the WHATWG URL specification, including web browsers and Node's built-in URL class. Version 1.19.4 is patched against all known payload variants. Version 1.19.3 has a partial patch but is still vulnerable to a payload variant.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/205123
A new vulnerability was discovered: CVE-2015-0343
Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/9500
A new vulnerability was discovered: CVE-2017-11290
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/98104
A new vulnerability was discovered: CVE-2018-19718
Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/117946
A new vulnerability was discovered: CVE-2013-4691
Sencha Labs Connect has XSS with connect.methodOverride()
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/140135
A new vulnerability was discovered: CVE-2020-24443
Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/186169
A new vulnerability was discovered: CVE-2018-4923
Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/106692
A new vulnerability was discovered: CVE-2017-11287
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/98101
A new vulnerability was discovered: CVE-2021-23362
The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via shortcutMatch in fromUrl().
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/212316
A new vulnerability was discovered: CVE-2020-36049
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/206562
A new vulnerability was discovered: CVE-2021-21085
Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into the registration form and achieve arbitrary code execution in the context of the admin account.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/211867
A new vulnerability was discovered: CVE-2017-3102
Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/91926
A new vulnerability was discovered: CVE-2018-12805
Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/110694
A new vulnerability was discovered: CVE-2018-4921
Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/106691
A new vulnerability was discovered: CVE-2016-0950
Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/2624
A new vulnerability was discovered: CVE-2020-13822
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/173421
A new vulnerability was discovered: CVE-2021-23331
This affects all versions of package com.squareup:connect.
The method prepareDownloadFile creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system.
A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation.
Note: This version of the SDK is end of life and no longer maintained, please upgrade to the latest version.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/209608
A new vulnerability was discovered: CVE-2019-16769
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/138877
A new vulnerability was discovered: CVE-2021-29940
An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic of the map function.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/212772
A new vulnerability was discovered: CVE-2019-20149
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/140477
A new vulnerability was discovered: CVE-2009-4590
Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/48668
A new vulnerability was discovered: CVE-2021-27516
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/210743
A new vulnerability was discovered: CVE-2015-0344
Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/9501
A new vulnerability was discovered: CVE-2019-10746
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/128473
A new vulnerability was discovered: CVE-2020-36048
Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/206561
A new vulnerability was discovered: CVE-2020-5674
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187822
A new vulnerability was discovered: CVE-2019-10747
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/128474
A new vulnerability was discovered: debricked-149694
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207742
A new vulnerability was discovered: debricked-149699
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207747
A new vulnerability was discovered: CVE-2020-28275
Prototype pollution vulnerability in 'cache-base' versions 0.7.0 through 4.0.0 allows attacker to cause a denial of service and may lead to remote code execution.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/204989
A new vulnerability was discovered: CVE-2017-3101
Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/91925
A new vulnerability was discovered: CVE-2016-0948
Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/2622
A new vulnerability was discovered: CVE-2017-11291
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/98105
A new vulnerability was discovered: CVE-2014-1936
rc before 1.7.1-5 insecurely creates temporary files.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/138117
A new vulnerability was discovered: CVE-2016-0949
Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/2623
A new vulnerability was discovered: CVE-2017-11288
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/98102
A new vulnerability was discovered: CVE-2020-7598
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/156954
A new vulnerability was discovered: CVE-2009-4591
SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/48669
A new vulnerability was discovered: CVE-2018-1109
A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/212619
A new vulnerability was discovered: CVE-2014-2980
Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/18079
A new vulnerability was discovered: CVE-2009-4592
Unspecified vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to include arbitrary local files via unknown vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/48670
A new vulnerability was discovered: CVE-2006-1611
Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allows remote attackers to overwrite arbitrary files while decompressing an archive, possibly due to directory traversal sequences in a filename.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/64497
A new vulnerability was discovered: CVE-2016-4118
Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/5575
A new vulnerability was discovered: CVE-2017-11289
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/98103