Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/05/25 11:45 a.m.37 views

CVE-2026-9455 Totolink A8000RU Web Management cstecgi.cgi UploadOpenVpnCert os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...

10CVSS0.01909EPSS
Exploits0References5
NVD
NVD
added 2026/02/01 1:15 p.m.7 views

CVE-2022-50951

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

6.4CVSS0.00305EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/01 12:56 p.m.31 views

CVE-2022-50951 WiFi File Transfer 1.0.8 Persistent XSS via Web Server Input Validation

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

6.4CVSS0.00305EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/01 12:0 a.m.11 views

PT-2026-5572

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

6.4CVSS6AI score0.00305EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/26 12:45 a.m.5 views

EUVD-2025-199674

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

7.1CVSS5.3AI score0.00164EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-29656

Malicious code in bioql PyPI...

5CVSS4.7AI score0.01229EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:30 a.m.8 views

CVE-2024-27629

An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are used...

7.8CVSS7.5AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2024/06/28 12:0 a.m.16 views

CVE-2024-27629

An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are used...

7.8CVSS7.8AI score0.00206EPSS
Exploits0References3
CNVD
CNVD
added 2017/07/04 12:0 a.m.6 views

Synology Note Station Cross-Site Scripting Vulnerability

Synology Note Station is a cloud-based note management platform from China-based Synology Inc. A cross-site scripting vulnerability exists in Synology Note Station. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML via attached file names or note names...

5.4CVSS6AI score0.0082EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2014/09/30 9:9 a.m.3 views

php: gd extension NUL byte injection in file names

It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions...

6.4CVSS7.2AI score0.16934EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2014/07/09 12:0 a.m.34 views

Debian Security Advisory DSA 2975-1 (phpmyadmin - security update)

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4995 Authenticated users could inject arbitrary web script or HTML via a crafted SQL query. CVE-2013-49...

6.5CVSS7AI score0.01832EPSS
Exploits1References1
RubySec
RubySec
added 2013/04/08 12:0 a.m.18 views

Karteek Docsplit Gem for Ruby text_extractor.rb File Name Shell Metacharacter Injection Arbitrary Command Execution

Karteek Docsplit Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to textextractor.rb. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...

9.3CVSS7.4AI score0.01793EPSS
Exploits3References1
RubySec
RubySec
added 2013/04/04 12:0 a.m.17 views

kelredd-pruview Gem for Ruby /lib/pruview/document.rb File Name Shell Metacharacter Injection Arbitrary Command Execution

kelredd-pruview Gem for Ruby contains a flaw in /lib/pruview/document.rb. The issue is triggered during the handling of a specially crafted file name that contains injected shell metacharacters. This may allow a context-dependent attacker to potentially execute arbitrary commands...

9.3CVSS7.3AI score0.01605EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2012/12/18 10:17 p.m.7 views

httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled

Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...

4.3CVSS5.8AI score0.6477EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2010/06/21 7:30 p.m.2 views

CVE-2010-1958

Cross-site scripting XSS vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name...

2.1CVSS5.7AI score0.00991EPSS
Exploits0References8
Rows per page
Query Builder