
17 matches found

Positive Technologies
added 2025/12/24 12:0 a.m., 3 views

PT-2025-53352

Name of the Vulnerable Software and Affected Versions Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 Description The software contains a stored cross-site scripting issue in the configuration file upload functionality. An attacker can upload a malicious HTML file that will execute...

CVSS 7.2, AI score 6.1, EPSS 0.00025
Exploits: 1, References: 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2007-2606

Malware in sbrugna...

CVSS 8.3, AI score 6.4, EPSS 0.0012
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-27798

Malware in sbrugna...

CVSS 8.8, AI score 7.4, EPSS 0.0107
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2000-0561

Malware in sbrugna...

CVSS 2.1, AI score 6.4, EPSS 0.00102
Exploits: 1, References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-2643

Malware in sbrugna...

CVSS 4, AI score 6.1, EPSS 0.01038
Exploits: 0, References: 15

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-23954

Malicious code in bioql PyPI...

CVSS 7.2, AI score 7, EPSS 0.00536
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 5:4 a.m., 4 views

CVE-2023-1731

In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow a remote authenticated attacker with high privileges to execute arbitrary commands...

CVSS 7.2, AI score 7.4, EPSS 0.00536
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:41 p.m., 4 views

CVE-2022-28719

Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code...

CVSS 9.8, AI score 8.3, EPSS 0.07008
Exploits: 0, References: 1

Vulnrichment
added 2025/01/14 1:39 a.m., 9 views

CVE-2024-12398

An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00ACLE.3 and WBE660S firmware versions through 6.70ACGG.2 could allow an authenticated user with limited privileges to escalate their privileges to that of an...

CVSS 8.8, AI score 7.1, EPSS 0.00461
Exploits: 0, References: 1

Cvelist
added 2024/06/04 1:34 a.m., 19 views

CVE-2024-29974

UNSUPPORTED WHEN ASSIGNED The remote code execution vulnerability in the CGI program “fileupload-cgi” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted...

CVSS 9.8, AI score 9.8, EPSS 0.43706
Exploits: 1, References: 2

Vulnrichment
added 2024/06/04 1:34 a.m., 23 views

CVE-2024-29974

UNSUPPORTED WHEN ASSIGNED The remote code execution vulnerability in the CGI program “fileupload-cgi” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted...

CVSS 9.8, AI score 8.5, EPSS 0.43706
Exploits: 1, References: 2

Tenable Nessus
added 2023/05/25 12:0 a.m., 48 views

FatPipe MPVPN < 10.1.2r60p92 / 10.2.2 < 10.2.2r44p1 Configuration File Upload (CVE-2021-27860)

According to its self-reported version, the instance of FatPipe MPVPN running on the remote web server is prior to 10.1.2r60p92 or 10.2.2 prior to 10.2.2r44p1. It is, therefore, affected by a configuration file upload vulnerability that could allow a remote attacker to upload a file to any location on the filesyst...

CVSS 9.8, AI score 8, EPSS 0.39661
Exploits: 2, References: 2

NVD
added 2023/04/24 5:15 p.m., 16 views

CVE-2023-22917

A buffer overflow vulnerability in the “sdwanifaceipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50W firmware versions 5.10 through 5.32, USG20W-VPN firmware versions 5.10 through 5.32, and VPN series firmware...

CVSS 7.5, AI score 7.6, EPSS 0.00329
Exploits: 0, References: 1

Vulnrichment
added 2023/03/29 12:0 a.m., 8 views

CVE-2022-43619

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 6.8, AI score 6.9, EPSS 0.00284
Exploits: 0, References: 2

OSV
added 2015/06/10 12:52 p.m., 3 views

USN-2629-1 cups vulnerabilities

It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. CVE-2015-1158 It was discovered that the CUPS templating...

CVSS 10, AI score 6.8, EPSS 0.74073
Exploits: 9, References: 3

NVD
added 2007/05/11 10:19 a.m., 14 views

CVE-2007-2613

WikkaWiki Wikka Wiki before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKACONFIG environment variable...

CVSS 8.3, AI score 6.8, EPSS 0.0012
Exploits: 0, References: 4

OSV
added 2006/05/30 10:2 a.m., 4 views

CVE-2006-2644

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...

AI score 7.2
Exploits: 0, References: 12