
1019 matches found

Positive Technologies
added 2024/12/23 12:0 a.m. · 2 views

PT-2024-17788 · Foxcms · Foxcms

Name of the Vulnerable Software and Affected Versions: FoxCMS versions up to 1.2 Description: A critical issue has been found in the Configuration File Handler component, specifically in the file /install/installdb.php. The manipulation of the database password argument leads to code injection...

9.8 CVSS · 6.6 AI score · 0.00171 EPSS
Exploits 0 · References 9

NVD
added 2024/12/04 10:15 p.m. · 8 views

CVE-2024-12181

A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The attack can be...

5.4 CVSS · 0.00121 EPSS
Exploits 1 · References 4

OSV
added 2024/12/04 10:15 p.m. · 2 views

CVE-2024-12181

A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The attack can be...

5.4 CVSS · 3.7 AI score
Exploits 0 · References 4

CVE
added 2024/12/04 10:0 p.m. · 45 views

CVE-2024-12181

CVE-2024-12181 affects DedeCMS 5.7.116; the vulnerability is in the SWF File Handler component via the /member/uploads_add.php endpoint, where manipulating the mediatype argument enables cross-site scripting. The issue is exploitable remotely and affects an unknown functionality of that file. Mul...

5.4 CVSS · 3.8 AI score · 0.00121 EPSS
Exploits 1 · References 4 · Affected Software 1

Vulnrichment
added 2024/12/04 10:0 p.m. · 9 views

CVE-2024-12181 DedeCMS SWF File uploads_add.php cross site scripting

A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The attack can be...

5.3 CVSS · 6.2 AI score · 0.00121 EPSS
Exploits 1 · References 4

Positive Technologies
added 2024/12/04 12:0 a.m. · 2 views

PT-2024-17473 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.116 Description: A problematic vulnerability was found in DedeCMS, affecting an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the mediatype argument leads ...

5.4 CVSS · 4.1 AI score · 0.00121 EPSS
Exploits 1 · References 10

CVE
added 2024/11/25 9:0 a.m. · 245 views

CVE-2024-11664

CVE-2024-11664 affects eNMS up to v4.2. The vulnerability exists in the multiselect_filtering function of TGZ File Handler (eNMS/controller.py) and allows path traversal. Exploitation is possible remotely; exploit details are public. A patch is available: 22b0b443acca740fc83b5544165c1f53eff3f529....

9.8 CVSS · 8.7 AI score · 0.03752 EPSS
Exploits 1 · References 8 · Affected Software 1

Vulnrichment
added 2024/11/25 9:0 a.m. · 13 views

CVE-2024-11664 eNMS TGZ File controller.py multiselect_filtering path traversal

A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The...

9 CVSS · 6.9 AI score · 0.03752 EPSS
Exploits 1 · References 8

Cvelist
added 2024/11/25 9:0 a.m. · 18 views

CVE-2024-11664 eNMS TGZ File controller.py multiselect_filtering path traversal

A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The...

9 CVSS · 0.03752 EPSS
Exploits 1 · References 8

OSV
added 2024/11/10 6:15 a.m. · 1 views

CVE-2024-11049

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...

3.7 CVSS · 4.3 AI score · 0.0016 EPSS
Exploits 0 · References 4

Vulnrichment
added 2024/11/10 5:31 a.m. · 20 views

CVE-2024-11049 ZKTeco ZKBio Time Image File photo direct request

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...

6.3 CVSS · 6.7 AI score · 0.0016 EPSS
Exploits 0 · References 4

Cvelist
added 2024/11/10 5:31 a.m. · 16 views

CVE-2024-11049 ZKTeco ZKBio Time Image File photo direct request

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...

6.3 CVSS · 0.0016 EPSS
Exploits 0 · References 4

CVE
added 2024/11/10 5:31 a.m. · 49 views

CVE-2024-11049

CVE-2024-11049 affects ZKTeco ZKBio Time 9.0.1, specifically the Image File Handler component and an unknown function of the file path /auth_files/photo/. The issue allows remote-triggered manipulation of a direct request, with attack complexity rated as HIGH and no required privileges, but no us...

6.3 CVSS · 4.1 AI score · 0.0016 EPSS
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2024/11/10 12:0 a.m. · 1 views

ZKTeco ZKBio Time security vulnerability

ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time version 9.0.1, which originates from the component Image File Handler where the file /auth_files/photo/ can lead to a direct request...

6.3 CVSS · 4.8 AI score · 0.0016 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/11/09 12:0 a.m. · 4 views

PT-2024-16723 · Zkteco · Zkteco Biotime

Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio Time version 9.0.1 Description: A vulnerability has been found in the Image File Handler component of ZKTeco ZKBio Time, affecting an unknown function of the file /auth_files/photo/. This issue leads to direct request manipulatio...

6.3 CVSS · 4.4 AI score · 0.0016 EPSS
Exploits 0 · References 9

NVD
added 2024/11/07 5:15 p.m. · 14 views

CVE-2024-10965

A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The pat...

6.5 CVSS · 0.00196 EPSS
Exploits 1 · References 6

OSV
added 2024/11/07 5:15 p.m. · 8 views

CVE-2024-10965

A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The pat...

6.5 CVSS · 6.5 AI score
Exploits 0 · References 6

Cvelist
added 2024/11/07 5:0 p.m. · 27 views

CVE-2024-10965 emqx neuron JSON File schema information disclosure

A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The pat...

5.3 CVSS · 0.00196 EPSS
Exploits 1 · References 6

CVE
added 2024/11/07 5:0 p.m. · 86 views

CVE-2024-10965

Vulnerability summary (CVE-2024-10965): EMQX Neuron up to version 2.10.0 is affected by an information disclosure issue in the JSON File Handler, specifically the vulnerable function at /api/v2/schema. Exploitation is possible remotely through manipulation of this endpoint due to an unknown funct...

6.5 CVSS · 4.7 AI score · 0.00196 EPSS
Exploits 1 · References 6 · Affected Software 1

CNNVD
added 2024/11/07 12:0 a.m. · 2 views

Neuron access control error vulnerability

Neuron is an Industrial Internet of Things IIoT connectivity server open-sourced by EMQ. Used for modern Big Data and AI/ML technologies to harness the power of Industry 4.0. An Access Control Error vulnerability exists in Neuron version 2.10.0 and prior versions, which stems from an information...

6.5 CVSS · 4.5 AI score · 0.00196 EPSS
Exploits 1 · References 6