Lucene search

9 matches found

CVE
added 2025/12/24 7:27 p.m., 5 views

CVE-2018-25131

CVE-2018-25131 concerns Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063. The vulnerability is a stored cross-site scripting (XSS) flaw in the configuration file upload functionality, allowing an uploaded HTML file to execute arbitrary JavaScript in a user’s browser session when viewed. Affecte...

7.2 CVSS, 5.7 AI score, 0.00021 EPSS
Exploits 1, References 3
CNNVD
added 2025/12/24 12:0 a.m., 1 views

Leica Geosystems GNSS Security Vulnerability

Leica Geosystems GNSS is a line of mapping equipment from Leica Germany. A security vulnerability exists in Leica Geosystems GNSS version 4.30.063, which stems from the presence of stored cross-site scripting in the configuration file upload function that could lead to the execution of arbitrary...

7.2 CVSS, 6.2 AI score, 0.00021 EPSS
Exploits 1, References 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-20202

Malicious code in bioql PyPI...

9.1 CVSS, 6.6 AI score, 0.01134 EPSS
Exploits 0, References 1
OSV
added 2025/09/24 5:15 p.m., 1 views

CVE-2025-56816

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load or loadAs method without input...

8.8 CVSS, 6.4 AI score, 0.02256 EPSS
Exploits 3, References 2
Cvelist
added 2025/09/24 12:0 a.m., 6 views

CVE-2025-56816

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load or loadAs method without input...

0.02256 EPSS
Exploits 2, References 2
CNNVD
added 2024/10/14 12:0 a.m., 1 views

MOXA Service Security Vulnerability

MOXA Service is a hardware device infrastructure service from the Chinese company MOXA. A security vulnerability exists in MOXA Service, which stems from a lack of authentication during command sending and could allow an attacker to execute specific commands, resulting in unauthorized configuration file...

9.4 CVSS, 9.2 AI score, 0.00148 EPSS
Exploits 0, References 2
Tenable Nessus
added 2024/05/02 12:0 a.m., 18 views

Meinberg LANTIME Improper Filename Validation of the Upload Function (CVE-2023-1731)

In Meinberg's LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow a remote authenticated attacker with high privileges to execute arbitrary commands. This plugin only works with Tenable.ot. Please visit...

7.2 CVSS, 7.1 AI score, 0.00536 EPSS
Exploits 0, References 2
Positive Technologies
added 2022/06/14 12:0 a.m., 1 views

PT-2022-5539 · D Link · D-Link Dir-1935

Name of the Vulnerable Software and Affected Versions: D-Link DIR-1935 version 1.03 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can b...

7.7 CVSS, 6.9 AI score, 0.00284 EPSS
Exploits 0, References 6
exploitpack
added 2015/07/01 12:0 a.m., 18 views

D-Link DSP-W w110 v1.05b01 - Multiple Vulnerabilities

D-Link DSP-W w110 v1.05b01 - Multiple Vulnerabilities Exploit Title: D-Link DSP-W Arbitrary Arbitrary file upload Date: 30/06/2015 Exploit Author: DNO Vendor Homepage: link Version: w110 v1.05b01 Tested on: linux CVE : N/A ======================================== the only 'filtering' on this...

0.3 AI score
Exploits 0