933 matches found

CNVD
added 2025/06/23 12:0 a.m. | 4 views

QNAP File Station 5 Buffer Overflow Vulnerability

QNAP File Station 5 is a file management system from QNAP Technology (QNAP), based in Taiwan, China. QNAP File Station 5 suffers from a buffer overflow vulnerability that originates from an out-of-bounds read and can be exploited by an attacker to cause a data leak...

CVSS 5.5 | AI score 7.4 | EPSS 0.00122
Exploits: 0 | References: 1

CVE
added 2025/06/23 12:0 a.m. | 20 views

CVE-2025-52922

CVE-2025-52922 affects Innoshop up to 0.4.1, where a directory-traversal flaw in the FileManager API endpoints allows an authenticated admin to map the filesystem, create directories, read files, delete files, and create files by moving them. Affected endpoints include /api/file_manager/files?bas...

CVSS 7.4 | AI score 6.9 | EPSS 0.00461
Exploits: 0 | References: 2

CNVD
added 2025/06/23 12:0 a.m. | 2 views

QNAP File Station 5 Trust Management Issues Vulnerability (CNVD-2025-15265)

QNAP File Station 5 is a file management system launched by Weilian Technology, which is mainly used for file management of NAS devices. QNAP File Station 5 suffers from a trust management issue vulnerability that stems from improper certificate validation. No details of the vulnerability are...

CVSS 8.8 | AI score 7.1 | EPSS 0.00224
Exploits: 0 | References: 1

CNVD
added 2025/06/23 12:0 a.m. | 2 views

QNAP File Station 5 Trust Management Issues Vulnerability (CNVD-2025-15404)

QNAP File Station 5 is a file management system launched by Weilian Technology, which is mainly used for file management of NAS devices. QNAP File Station 5 suffers from a trust management issue vulnerability that stems from improper certificate validation. No details of the vulnerability are...

CVSS 8.8 | AI score 7.1 | EPSS 0.00224
Exploits: 0 | References: 1

CNVD
added 2025/06/23 12:0 a.m. | 2 views

QNAP File Station 5 Path Traversal Vulnerability

QNAP File Station 5 is a file management system launched by Weilian Technology, which is mainly used for file management of NAS devices. A path traversal vulnerability exists in QNAP File Station 5, which stems from the program failing to properly filter special elements in the path of a resource...

CVSS 7.2 | AI score 7 | EPSS 0.00467
Exploits: 0 | References: 1

Fedora
added 2025/06/21 2:13 a.m. | 5 views

[SECURITY] Fedora 41 Update: perl-File-Find-Rule-0.35-1.fc41

File::Find::Rule is a friendlier interface to File::Find. It allows you to build rules which specify the desired files and directories...

CVSS 8.8 | AI score 7.2 | EPSS 0.00736
Exploits: 0

Fedora
added 2025/06/21 1:28 a.m. | 6 views

[SECURITY] Fedora 42 Update: perl-File-Find-Rule-0.35-1.fc42

File::Find::Rule is a friendlier interface to File::Find. It allows you to build rules which specify the desired files and directories...

CVSS 8.8 | AI score 7.2 | EPSS 0.00736
Exploits: 0

CNNVD
added 2025/06/06 12:0 a.m. | 6 views

QNAP File Station 5 Security Vulnerability

QNAP File Station 5 is a file management system from QNAP Technology (QNAP), based in Taiwan, China. A resource management error vulnerability exists in QNAP File Station 5, which arises from an unrestricted resource allocation and can be exploited by an attacker to prevent other systems from accessing...

CVSS 7.1 | AI score 6.8 | EPSS 0.00343
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 8:35 a.m. | 12 views

CVE-2024-25523

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the fileid parameter at /filemanage/filememo.aspx...

CVSS 9.8 | AI score 8.4 | EPSS 0.00696
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 7:38 a.m. | 4 views

CVE-2024-8163

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/filemanager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The...

CVSS 8.1 | AI score 5.4 | EPSS 0.00836
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 6:41 a.m. | 4 views

CVE-2024-52770

An arbitrary file upload vulnerability in the component /admin/filemanagecontrol of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file...

CVSS 9.8 | AI score 9.6 | EPSS 0.00791
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 6:23 a.m. | 8 views

CVE-2024-20476

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...

CVSS 4.9 | AI score 6.8 | EPSS 0.00344
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:24 a.m. | 7 views

CVE-2023-52137

The tj-actions/verify-changed-files action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The verify-changed-files workflow returns the list of files changed within a workflow execution. This could potentially allow...

CVSS 8.8 | AI score 8.1 | EPSS 0.02621
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 4:11 a.m. | 5 views

CVE-2023-39525

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue...

CVSS 9.1 | AI score 6.7 | EPSS 0.00723
Exploits: 0

RedhatCVE
added 2025/05/23 3:31 a.m. | 4 views

CVE-2023-27245

A cross-site scripting (XSS) vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module...

CVSS 6.1 | AI score 5.8 | EPSS 0.00429
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 2:54 a.m. | 8 views

CVE-2023-1303

A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. Th...

CVSS 9.8 | AI score 7 | EPSS 0.00792
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 1:14 a.m. | 7 views

CVE-2022-41951

OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...

CVSS 9.8 | AI score 6.9 | EPSS 0.00946
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:38 p.m. | 9 views

CVE-2021-25649

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user...

CVSS 5.5 | AI score 6.2 | EPSS 0.00616
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:47 p.m. | 8 views

CVE-2021-40035

There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability...

CVSS 7.5 | AI score 7.1 | EPSS 0.00791
Exploits: 0

RedhatCVE
added 2025/05/22 6:34 p.m. | 7 views

CVE-2021-24816

The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...

CVSS 4.3 | AI score 6.6 | EPSS 0.00654
Exploits: 2 | References: 1