Lucene search

3164 matches found

CNNVD
added 2025/01/09 12:0 a.m. · 1 view

REVE Antivirus Security Vulnerability

REVE Antivirus is an antivirus security program from REVE Antivirus, Inc. A security vulnerability exists in REVE Antivirus version 1.0.0.0; it originates from the file /usr/local/reveantivirus/tmp/reveinstall, which results in incorrect default permissions...

CVSS 8.5 · AI score 7.7 · EPSS 0.00063
Exploits: 0 · References: 4
Vulnrichment
added 2025/01/05 6:0 p.m. · 7 views

CVE-2025-0227 Tsinghua Unigroup Electronic Archives System downLoad.html information disclosure

A vulnerability, which was classified as problematic, was found in Tsinghua Unigroup Electronic Archives System 3.2.21080262532. This affects an unknown part of the file /Logs/Annals/downLoad.html. The manipulation of the argument path leads to information disclosure. It is possible to initiate t...

CVSS 5.3 · AI score 6.5 · EPSS 0.00123
Exploits: 0 · References: 5
Positive Technologies
added 2025/01/05 12:0 a.m. · 2 views

PT-2025-3802 · Unknown · Codezips Blood Bank Management System

Name of the Vulnerable Software and Affected Versions: Codezips Blood Bank Management System version 1.0 Description: A critical issue affects some unknown functionality of the file /successadmin.php. The manipulation of the argument psw leads to SQL injection. The attack may be launched remotely...

CVSS 8.8 · AI score 8.2 · EPSS 0.00097
Exploits: 1 · References: 9
Positive Technologies
added 2025/01/04 12:0 a.m. · 2 views

PT-2025-3775 · Tata Consultancy Services · Tcs Bancs

Name of the Vulnerable Software and Affected Versions: TCS BaNCS version 10 Description: A vulnerability was found in TCS BaNCS, affecting an unknown part of the file /REPORTS/REPORTS SHOW FILE.jsp. The manipulation of the FilePath argument leads to file inclusion. The real existence of this...

CVSS 5.5 · AI score 5.6 · EPSS 0.00093
Exploits: 0 · References: 9
CNNVD
added 2025/01/04 12:0 a.m. · 1 view

TCS BaNCS Security Vulnerability

TCS BaNCS (Tata Consultancy Services BaNCS) is a core banking software suite from TCS Corporation. A security vulnerability exists in TCS BaNCS version 10: incorrect handling of the FilePath parameter can result in file inclusion...

CVSS 5.5 · AI score 5.5 · EPSS 0.00093
Exploits: 0 · References: 3
Veracode
added 2025/01/03 7:25 p.m. · 7 views

Time-of-Check Time-of-Use (TOCTOU)

Apache Tomcat is vulnerable to a Time-of-Check Time-of-Use (TOCTOU). The vulnerability is due to incomplete mitigation and improper handling of file path canonicalization on case-insensitive file systems when the default servlet write is enabled, which allows an attacker to exploit race conditions ...

CVSS 9.8 · AI score 6.9 · EPSS 0.84587
Exploits: 12 · References: 8 · Affected Software: 3
Github Security Blog
added 2024/12/27 6:2 p.m. · 16 views

changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal

Summary: Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd o...

CVSS 8.6 · AI score 6.9 · EPSS 0.00096
Exploits: 0 · References: 5 · Affected Software: 1
Positive Technologies
added 2024/12/27 12:0 a.m. · 2 views

PT-2024-36824 · Unknown · Changedetection.Io

Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.48.05 Description: The issue is related to improper input validation in the application, which can allow attackers to perform local file read (LFR) or path traversal attacks. These attacks occur when user...

CVSS 8.6 · AI score 6.9 · EPSS 0.00096
Exploits: 0 · References: 13
OSV
added 2024/12/26 7:15 p.m. · 1 view

CVE-2024-12962

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /parse/alledits.php. The manipulation of the argument skillset leads to SQL injection. The attack can be launched remotely. The...

CVSS 7.5 · AI score 5.8 · EPSS 0.00092
Exploits: 1 · References: 5
OSV
added 2024/12/26 1:15 p.m. · 2 views

CVE-2024-12951

A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /addpersonaldetails.php. The manipulation of the argument profile leads to unrestricted upload. It is possible to launch the attack remotely. The...

CVSS 9.8 · AI score 5.5
Exploits: 0 · References: 5
Positive Technologies
added 2024/12/26 12:0 a.m. · 3 views

PT-2024-17828 · Unknown · 1000 Projects Portfolio Management System Mca

Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: A critical issue affects the processing of the file /add achievement details.php, where the manipulation of the argument ach certy leads to unrestricted upload. The attack...

CVSS 9.8 · AI score 7.4 · EPSS 0.00112
Exploits: 1 · References: 10
Positive Technologies
added 2024/12/26 12:0 a.m. · 2 views

PT-2024-17811 · Unknown · 1000 Projects Attendance Tracking Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical vulnerability has been found in the 1000 Projects Attendance Tracking Management System. This issue affects unknown code of the file /admin/student...

CVSS 9.8 · AI score 8 · EPSS 0.00106
Exploits: 1 · References: 14
Veracode
added 2024/12/23 5:6 a.m. · 8 views

Path Traversal

pghoard is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths, which allows an attacker to traverse directories and access unauthorized files with the same privileges as the pghoard process...

CVSS 6.5 · AI score 6.7 · EPSS 0.00083
Exploits: 0 · References: 4 · Affected Software: 1
CNNVD
added 2024/12/23 12:0 a.m. · 1 view

1000 Projects Attendance Tracking Management System Injection Vulnerability

1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. 1000 Projects Attendance Tracking Management System version 1.0 suffers from an injection vulnerability, which originates from the parameter facultycourseid in the file...

CVSS 9.8 · AI score 7 · EPSS 0.00106
Exploits: 1 · References: 5
NVD
added 2024/12/21 7:15 a.m. · 6 views

CVE-2024-12066

The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

CVSS 8.8 · EPSS 0.09578
Exploits: 0 · References: 3
CVE
added 2024/12/21 7:2 a.m. · 44 views

CVE-2024-12066

The CVE-2024-12066 entry concerns the SMSA Shipping (official) WordPress plugin. Affected versions up to 2.2 are vulnerable due to insufficient file path validation in the smsa_delete_label() function, enabling authenticated users with Subscriber+ privileges to delete arbitrary files on the serve...

CVSS 8.8 · AI score 7.9 · EPSS 0.09578
Exploits: 0 · References: 3
CNNVD
added 2024/12/21 12:0 a.m. · 1 view

WordPress plugin SMSA Shipping(official) Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

CVSS 8.8 · AI score 7.9 · EPSS 0.09578
Exploits: 0 · References: 3
Positive Technologies
added 2024/12/21 12:0 a.m. · 1 view

PT-2024-17426 · WordPress · Smsa Shipping

Name of the Vulnerable Software and Affected Versions: SMSA Shipping plugin for WordPress versions up to, and including, 2.2 Description: The SMSA Shipping plugin for WordPress has a flaw in the smsa_delete_label function due to insufficient file path validation. This issue allows authenticated...

CVSS 8.8 · AI score 9.7 · EPSS 0.09578
Exploits: 0 · References: 9
Snyk
added 2024/12/13 7:3 a.m. · 1 view

Directory Traversal

Overview: spatie/browsershot is a library for converting a webpage to an image or pdf using headless Chrome. Affected versions of this package are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\. An attacker could read...

CVSS 8.7 · AI score 7.6 · EPSS 0.0007
Exploits: 0 · References: 2
CNVD
added 2024/12/13 12:0 a.m. · 1 view

Complaint Management System user-search.php File SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from an incorrect manipulation of the parameter search in the file /admin/user-search.php that can lead to SQL injection. No details of the vulnerability...

CVSS 9.8 · AI score 8.5 · EPSS 0.00097
Exploits: 1 · References: 1