1026 matches found
ZKTeco ZKBio Time 安全漏洞
ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time version 9.0.1, which originates from the component Image File Handler where the file /authfiles/photo/ can lead to a direct request...
PT-2024-16723 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio Time version 9.0.1 Description: A vulnerability has been found in the Image File Handler component of ZKTeco ZKBio Time, affecting an unknown function of the file /auth files/photo/. This issue leads to direct request manipulatio...
CVE-2024-10965
A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The pat...
CVE-2024-10965
A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The pat...
CVE-2024-10965 emqx neuron JSON File schema information disclosure
A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The pat...
CVE-2024-10965
Vulnerability summary (CVE-2024-10965): EMQX Neuron up to version 2.10.0 is affected by an information disclosure issue in the JSON File Handler, specifically the vulnerable function at /api/v2/schema. Exploitation is possible remotely through manipulation of this endpoint due to an unknown funct...
Neuron 访问控制错误漏洞
Neuron is an Industrial Internet of Things IIoT connectivity server open-sourced by EMQ. Used for modern Big Data and AI/ML technologies to harness the power of Industry 4.0. An Access Control Error vulnerability exists in Neuron version 2.10.0 and prior versions, which stems from an information...
CVE-2024-9291
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the...
CVE-2024-9291
CVE-2024-9291 concerns kalvinGit kvf-admin (XML File Handler). The vulnerability affects the file "/ueditor/upload?configPath=ueditor/config.json&action=uploadfile" where manipulation of the upfile argument enables cross-site scripting. It can be exploited remotely, and the exploit has been discl...
CVE-2024-9291 kalvinGit kvf-admin XML File cross site scripting
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the...
CVE-2024-9291 kalvinGit kvf-admin XML File cross site scripting
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the...
PT-2024-39546 · Unknown · Kalvingit Kvf-Admin
Name of the Vulnerable Software and Affected Versions: kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff Description: A problematic vulnerability has been found in the XML File Handler component of kalvinGit kvf-admin. The issue affects an unknown function of the file...
CVE-2024-7738
A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has...
CVE-2024-7738
The CVE-2024-7738 entry affects yzane vscode-markdown-pdf 1.5.0 (Markdown File Handler) and describes a pathname traversal vulnerability exploitable with local access. Several connected sources confirm the issue, with exploitation disclosed publicly (POCs/videos referenced). The root cause is unk...
CVE-2024-7738 yzane vscode-markdown-pdf Markdown File pathname traversal
A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has...
PT-2024-38546
Name of the Vulnerable Software and Affected Versions: yzane vscode-markdown-pdf version 1.5.0 Description: A problematic issue has been found in the Markdown File Handler component, leading to pathname traversal. The manipulation requires a local attack. The exploit has been disclosed to the...
CVE-2024-7660
A vulnerability has been found in SourceCodester File Manager App 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Add File Handler. The manipulation of the argument File Title/Uploaded By leads to cross site scripting. The attack can ...
SourceCodester File Manager 安全漏洞
SourceCodester File Manager is a file manager. A security vulnerability exists in SourceCodester File Manager version 1.0, which stems from a cross-site scripting vulnerability in the File Title/Uploaded By parameter of the Add File Handler component...
PT-2024-38488 · Unknown · Sourcecodester File Manager App
Name of the Vulnerable Software and Affected Versions: SourceCodester File Manager App version 1.0 Description: A vulnerability has been found in the SourceCodester File Manager App, affecting an unknown functionality of the component Add File Handler. The manipulation of the argument File...
CVE-2024-6958
A vulnerability classified as critical was found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /stupdate.php of the component Avatar File Handler. The manipulation of the argument personalimage leads to unrestricted upload. The attack can be...