837 matches found
CVE-2023-53772
CVE-2023-53772 concerns MiniDVBLinux 5.4 with an arbitrary file disclosure via the about page. The vulnerability arises from improper handling of the GET parameter file used to disclose arbitrary file contents, enabling path traversal to read system files. Public descriptions from multiple source...
PT-2025-50269
Name of the Vulnerable Software and Affected Versions MiniDVBLinux version 5.4 Description MiniDVBLinux version 5.4 contains a flaw that allows attackers to read sensitive system files. This is possible through the 'file' GET parameter on the about page, enabling disclosure of arbitrary file...
CVE-2025-14195
A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/addfilequery.php. The manipulation of the argument perfile results in unrestricted upload. The attack may be launched remotely. The exploit has been...
CVE-2025-14182
A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to t...
Code-Projects Employee Profile Management System 代码问题漏洞
Employee Profile Management System is an employee profile management system. Employee Profile Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter perfile in the file /profiling/addfilequery.php. No details of the...
Sobey Media Convergence System 路径遍历漏洞
The Sobey Media Convergence System is a media convergence system from the Chinese company Sobey. A path traversal vulnerability exists in Sobey Media Convergence System versions 2.0 and 2.1, which can be caused by incorrect manipulation of the File parameter in the file...
PT-2025-49393
Name of the Vulnerable Software and Affected Versions Sobey Media Convergence System versions 2.0 through 2.1 Description A path traversal issue exists in Sobey Media Convergence System versions 2.0 and 2.1. The issue is related to the manipulation of the File argument within the...
CVE-2020-36878
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...
CVE-2020-36878
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...
EUVD-2020-30826
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...
CVE-2020-36878
CVE-2020-36878 affects ReQuest Serious Play Media Player 3.0 and older builds (3.0.0, 2.1.0.831, 1.5.2.822, 1.5.2.821, 1.5.1.820). The issue is an unauthenticated directory traversal/file disclosure caused by improper verification of the file parameter used by tail.html and file.html scripts to r...
PT-2025-49272
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...
oci-helper 路径遍历漏洞
oci-helper is a visual Oracle Cloud helper by Yohann Personal Developer. A path traversal vulnerability exists in oci-helper 3.2.4 and earlier versions, which stems from a misbehavior with the parameter File in the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java, which...
CVE-2025-13415
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415 icret EasyImages SVG Image upload.php cross site scripting
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415
CVE-2025-13415 affects icret EasyImages up to 2.8.6. The issue lies in the SVG Image Handler’s /app/upload.php where manipulating the File parameter enables cross-site scripting. Attacks are described as remotely initiable. The Red Hat and other feeds corroborate the same vulnerability details. N...
EasyImages 代码注入漏洞
EasyImages is a thin wrapper on PIL by Jakub Cieslik individual developer. It is used for exploring, visualizing and sharing images. A code injection vulnerability exists in EasyImages 2.8.6 and earlier versions, which stems from improper manipulation of the parameter File in the component SVG...
PT-2025-47537
Name of the Vulnerable Software and Affected Versions icret EasyImages versions up to 2.8.6 Description A flaw exists in icret EasyImages, specifically within the SVG Image Handler component, affecting the file /app/upload.php. Manipulation of the File argument can lead to cross site scripting...
DouPHP 代码问题漏洞
DouPHP is an enterprise website builder from China DouPHP Company. A code issue vulnerability exists in DouPHP 1.8 Release 20251022 and earlier versions, which stems from the incorrect operation of the parameter File in the file upload/include/file.class.php, which can lead to unlimited uploads...