Lucene search
K

46 matches found

Vulnrichment
Vulnrichment
added 2025/04/25 5:25 a.m.6 views

CVE-2025-3923 Prevent Direct Access – Protect WordPress Files <= 2.8.8 - Unauthenticated Sensitive Information Exposure

The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generateuniquestring' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated...

5.3CVSS6.9AI score0.00333EPSS
Exploits0References3
NVD
NVD
added 2025/03/25 6:15 a.m.7 views

CVE-2024-10210

An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL 4.4-005P may allow an authenticated network-based attacker to access data from the file system...

8.4CVSS0.00408EPSS
Exploits0References1
CVE
CVE
added 2024/12/12 12:35 p.m.56 views

CVE-2024-28142

The CVE-2024-28142 entry describes stored cross-site scripting via improper input sanitization on the Image Access Scan2Net (and related lines) File Name input on the User Settings page (/cgi/uset.cgi?-cfilename). The root cause is inadequate filtering of the file name and wildcard character inpu...

4.7CVSS6.7AI score0.00452EPSS
Exploits0References3
Snyk
Snyk
added 2024/10/24 6:30 p.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the file name. An attacker who can upload heic images is able to execute code on the remote server. Remediation Upgrade maestroerror/php-heic-to-jpg to version 1.0.5 or higher. References - GitHub Commit -...

9.8CVSS8.1AI score0.00961EPSS
Exploits1References2
CNVD
CNVD
added 2024/05/15 12:0 a.m.2 views

Dell PowerScale OneFS File Name or Path External Control Vulnerability

Dell PowerScale OneFS is a proprietary operating system developed by Dell for its PowerScale horizontally scalable NAS network attached storage solution. Dell PowerScale OneFS has an external control of file name or path vulnerability that can be exploited by an attacker to cause a denial of...

6.1CVSS6.8AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

Dell PowerScale OneFS 安全漏洞

Dell PowerScale OneFS is a proprietary operating system developed by Dell for its PowerScale horizontally scalable NAS network attached storage solution. Dell PowerScale OneFS has an external control of file name or path vulnerability that can be exploited by an attacker to cause a denial of...

6.1CVSS6.7AI score0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/06 12:0 a.m.4 views

Syncthing 跨站脚本漏洞

Syncthing is an open source continuous file synchronization program from The Syncthing Project. A cross-site scripting vulnerability exists in versions prior to Syncthing 1.23.5, which stems from an infected instance with a shared folder that can synchronize malicious files with arbitrary HTML an...

5.4CVSS5.4AI score0.00778EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/05/05 12:0 a.m.7 views

CVE-2023-2554 External Control of File Name or Path in unilogies/bumsys

External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0...

7.2CVSS7.1AI score0.29134EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:12 a.m.3 views

SUSE CVE-2015-8105

Cross-site scripting XSS vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload...

3.5CVSS6AI score0.01459EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/06/02 2:15 p.m.6 views

CVE-2022-24241

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp...

7.5CVSS7.1AI score0.00883EPSS
Exploits0References4
OSV
OSV
added 2022/06/02 2:15 p.m.6 views

CVE-2022-24241

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp...

7.5CVSS5.8AI score0.00883EPSS
Exploits0References3
CVE
CVE
added 2022/04/08 7:50 p.m.88 views

CVE-2022-26851

Dell PowerScale OneFS (8.2.2–9.3.x) contains a vulnerability described as a predictable file name from observable state. An unprivileged, remote attacker could exploit it to cause data loss. Affected component/condition corresponds to the observable state of file naming; the exact root cause is d...

9.1CVSS9AI score0.00894EPSS
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/20 6:42 a.m.2 views

Multiple cross-site scripting vulnerabilities in php_mailform

Overview phpmailform provided by econosys system contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability regarding the checkbox CWE-79 - CVE-2022-22142 Reflected cross-site scripting vulnerability regarding the attached file name CWE-79 -...

6.1CVSS6.2AI score0.00955EPSS
Exploits0References7
OSV
OSV
added 2021/04/08 6:11 p.m.2 views

GHSA-XGXC-V2QG-CHMH Directory Traversal in Django

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...

6.9CVSS7.1AI score0.03865EPSS
Exploits0References11
OSV
OSV
added 2020/09/03 3:15 p.m.4 views

CVE-2020-25104

eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension...

5.4CVSS6.1AI score0.00576EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2019/12/05 4:34 p.m.9 views

CVE-2019-7195

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions...

9.5AI score0.89681EPSS
Exploits9References2
Cvelist
Cvelist
added 2018/09/28 8:0 p.m.24 views

CVE-2018-9081 Iomega and LenovoEMC NAS Web UI Vulnerabilities

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content...

4.4AI score0.0055EPSS
Exploits0References1
CVE
CVE
added 2018/05/15 10:0 p.m.67 views

CVE-2018-7495

CVE-2018-7495 affects Advantech WebAccess family (WebAccess, WebAccess Dashboard, Scada Node, NMS) due to an external control of file name or path caused by insufficient validation of user-supplied paths before file operations. This may allow an attacker to delete arbitrary files. Affected versio...

7.5CVSS7.5AI score0.02215EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/07/18 6:0 p.m.19 views

CVE-2017-5247

Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will evaluated by any other authenticat...

5.2AI score0.00503EPSS
Exploits0References2
OSV
OSV
added 2016/05/11 9:59 p.m.3 views

UBUNTU-CVE-2016-1236

Multiple cross-site scripting XSS vulnerabilities in 1 revision.php, 2 log.php, 3 listing.php, and 4 comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a a file or b directory in a repository...

6.1CVSS6.4AI score0.00857EPSS
Exploits0References3
Rows per page
Query Builder