Lucene search
K

834 matches found

Cvelist
Cvelist
added 2024/03/12 3:26 p.m.28 views

CVE-2024-1302 Multiple Vulnerabilities in Badger Meter's Monitool

Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials...

7.3CVSS7AI score0.00488EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.5 views

s::can moni::tools Information Disclosure Vulnerability

s::can moni::tools is a platform from s::can that manages a virtually unlimited number of sites, online probes, analyzers, and parameters. An information disclosure vulnerability exists in s::can moni::tools version 4.6.3 and earlier versions, which originates from the ability to change the...

7.3CVSS6.1AI score0.00488EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/28 12:0 a.m.3 views

CodeAstro Membership Management System SQL Injection Vulnerability

CodeAstro Membership Management System is a membership management system from CodeAstro, Inc. A SQL injection vulnerability exists in CodeAstro Membership Management System v.1.0 that could allow a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php componen...

8.8CVSS8.5AI score0.00786EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/02/12 10:38 a.m.4 views

Jenkins: Temporary file parameter created with insecure permissions

A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...

4.4CVSS7.3AI score0.00244EPSS
Exploits0References5
CNVD
CNVD
added 2024/01/24 12:0 a.m.5 views

TOTOLINK LR1200GB UploadCustomModule function stack buffer overflow vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from a stack buffer overflow...

9.8CVSS8.2AI score0.01065EPSS
Exploits0References1
OSV
OSV
added 2024/01/16 4:15 p.m.9 views

CVE-2023-2252

The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files...

2.7CVSS6.6AI score
Exploits0References1
OSV
OSV
added 2024/01/12 7:15 p.m.2 views

CVE-2024-0465

A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument downloadfile leads to path traversal: '../filedir'. The exploit has been disclosed to the...

5.3CVSS4.9AI score0.00728EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/09 12:0 a.m.5 views

Inis security breach

Inis is a web application. A security vulnerability exists in Inis version 2.0.1, which stems from the parameter path in the file /app/api/controller/default/File.php that causes path traversal...

7.5CVSS6.8AI score0.00614EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/09 12:0 a.m.4 views

Likeshop Code Issue Vulnerability

Likeshop is a complete solution for social commerce strategy from Likeshop open source. A code issue vulnerability exists in Likeshop 2.5.7.20210311 and earlier versions, which stems from the parameter file in the file server/application/api/controller/File.php that can lead to unrestricted uploa...

9.8CVSS7AI score0.70688EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/12/28 12:0 a.m.4 views

PT-2023-8291 · Unknown · Code-Projects Qr Code Generator

Name of the Vulnerable Software and Affected Versions: code-projects QR Code Generator version 1.0 Description: A problem exists in the code-projects QR Code Generator due to inadequate protection of the web page structure. This issue can be exploited by a remote attacker to conduct a cross-site...

6.4CVSS6.5AI score0.00514EPSS
Exploits1References8
CNNVD
CNNVD
added 2023/12/18 12:0 a.m.5 views

Stupid Simple CMS Authorization Issues Vulnerability

Stupid Simple CMS is a content management system for codelyfe individual developers. Stupid Simple CMS 1.2.4 and earlier versions have an authorization issue vulnerability that stems from the parameter file in the file /file-manager/delete.php that causes incorrect authentication...

9.1CVSS6.8AI score0.01201EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2023/12/04 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-4634

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php...

9.8CVSS7.4AI score0.82585EPSS
Exploits6References1
OSV
OSV
added 2023/11/30 10:15 p.m.5 views

CVE-2021-35975

Absolute path traversal vulnerability in the Systematica SMTP Adapter component up to v2.0.1.101 in Systematica Radius up to v.3.9.256.777 allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter u...

5.3CVSS5.9AI score0.01069EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.6 views

VulnCheck KEV: CVE-2017-15363

Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter...

7.5CVSS7.2AI score0.13649EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2023/10/30 11:24 a.m.5 views

Jenkins: Temporary file parameter created with insecure permissions

A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...

4.4CVSS7.3AI score0.00244EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/10/30 11:10 a.m.6 views

Jenkins: Temporary file parameter created with insecure permissions

A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...

4.4CVSS7.3AI score0.00244EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/10/16 6:15 a.m.4 views

CVE-2023-36955

TOTOLINK CP300+ =V5.2cu.7594B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule...

9.8CVSS7.4AI score0.00701EPSS
Exploits1References2
OSV
OSV
added 2023/10/16 6:15 a.m.5 views

CVE-2023-36955

TOTOLINK CP300+ =V5.2cu.7594B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule...

9.8CVSS5.8AI score0.00701EPSS
Exploits1References1
NVD
NVD
added 2023/10/16 6:15 a.m.22 views

CVE-2023-36955

TOTOLINK CP300+ =V5.2cu.7594B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule...

9.8CVSS9.7AI score0.00701EPSS
Exploits1References1
Prion
Prion
added 2023/10/16 5:15 a.m.24 views

Stack overflow

TOTOLINK X5000R V9.1.0u.6118B20201102 and TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule...

7.5CVSS9.6AI score0.00817EPSS
Exploits1References1Affected Software2
Rows per page
Query Builder