CVE-2023-52544
Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2023-52544
CVE-2023-52544 is a file path verification bypass in Huawei HarmonyOS/EMUI email module. The root cause is improper file path handling within the email component, leading to potential confidentiality impact. CVSSv3.1 metrics indicate a low-severity, network-scope issue with low privileges and no ...
CVE-2024-31011
Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php...
CVE-2024-31011
CVE-2024-31011 affects beescms v4.0, where an Arbitrary file write vulnerability exists in admin_template.php due to a file path that was not isolated and an unverified suffix. This allows a remote attacker to write arbitrary files and, as described, execute arbitrary code. The impact is consiste...
Computer Laboratory Management System v1.0 - Multiple-SQLi
Title: Computer Laboratory Management System v1.0 - Multiple-SQLi Author: nu11secur1ty Date: 03/28/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.htmlcomment-104400 Reference:...
PT-2024-24071 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A problematic issue has been found, affecting an unknown function of the file /src/dede/member rank.php. This issue leads to cross-site request forgery and can be exploited remotely. Recommendations: For DedeC...
PT-2024-24101 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A problematic vulnerability was found in DedeCMS, affecting unknown code of the file /src/dede/makehtml map.php. This issue leads to cross-site request forgery and can be initiated remotely. The exploit has be...
PT-2024-24091 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A problematic issue has been found in DedeCMS, affecting an unknown part of the file /src/dede/makehtml rss action.php. This issue leads to cross-site request forgery and can be initiated remotely. The exploit...
CVE-2024-3129
A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument imagename leads to unrestricted upload. It is possible to initiate the attack remotel...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption that occurs when redirecting a log file to any file location with any file name...
NetentSec NS-ASG Security Vulnerability
NetentSec NS-ASG is an application security gateway from China NetentSec. A security vulnerability exists in NetentSec NS-ASG version 6.3, which originates from an SQL injection vulnerability in the /3g/index.php file...
PT-2024-23338 · Netentsec · Netentsec Ns-Asg Application Security Gateway
Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3 Description: A critical issue has been found in the Netentsec NS-ASG Application Security Gateway, affecting unknown code of the file /protocol/log/listloginfo.php. The manipulation...
Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)
Exploit Title: Asterisk AMI - Partial File Content & Path Disclosure (Authenticated) Date: 2023-03-26 Exploit Author: Sean Pesce Vendor Homepage: https://asterisk.org/ Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ Version: 18.20.0 Tested on: Debian Linux CVE:...
Teledyne FLIR AX8 Authorization Issue Vulnerability
Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. An authorization issue vulnerability exists in Teledyne FLIR AX8 version 1.46.16 and earlier, which stems from an improper authorization vulnerability in the file /tools/testlogin.php...
Tenda AC15 formExpandDlnaFile method stack buffer overflow vulnerability
Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol with a theoretical transmission rate of 1900Mbps (600Mbps in 2.4GHz band and 1300Mbps in 5GHz band). Tenda AC15 suffers from a stack buffer overflow...
CVE-2024-2820
A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has...
CVE-2024-2227 IdentityIQ JavaServer Faces File Path Traversal Vulnerability
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...