826 matches found
FLIR AX8 Security Vulnerability
FLIR AX8 is a thermal sensor with imaging capabilities from FLIR, Inc. A security vulnerability exists in FLIR AX8 version 1.46 and earlier, which stems from improper manipulation of the File parameter in the file /upload.php, which may result in an unrestricted upload...
VulnCheck KEV: CVE-2009-1558
Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the nextfile parameter...
WukongCRM Code Injection Vulnerability
WukongCRM is a customer relationship management (CRM) system from China Wukong Wukong. A code injection vulnerability exists in WukongCRM version 9.0, which stems from cross-site scripting due to incorrect manipulation of the File parameter in the file AdminSysConfigController.java...
WebStack-Guns Security Vulnerability
WebStack-Guns is an open source URL navigation website project by Dana Keeling, an individual developer, with a backend based on Guns and Springboot. A security vulnerability exists in WebStack-Guns version 1.0, which stems from cross-site scripting due to incorrect manipulation of the parameter...
web-flash Security Vulnerability
web-flash is an open source web system based on Spring Boot and Vue.js by enilu. A security vulnerability exists in web-flash version 1.0, which originates from a cross-site scripting attack due to misuse of the File parameter...
CVE-2025-4857
The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server,...
XueShengZhuSu Path Traversal Vulnerability
XueShengZhuSu is student accommodation management software by the Chinese individual developer ashinigit. A path traversal vulnerability exists in XueShengZhuSu, caused by misuse of the File parameter in the file /upload/...
Tmall_demo Code Issue Vulnerability
Tmall_demo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A code issue vulnerability exists in Tmall_demo 20250505 and earlier versions, which stems from incorrect manipulation of the File parameter in the file tmall/admin/uploadCategoryImage, resulting in unrestricted uploads...
CVE-2024-7579
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation of the argument uploadedFile leads to os...
CVE-2024-37631
TOTOLINK A3700R V9.1.2u.616520211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule...
CVE-2024-10100
A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...
CVE-2024-57549
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request...
CVE-2023-32986
Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...
CVE-2023-22586
The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter...
Kelixun Communication Command and Dispatch Management Platform Command Injection Vulnerability
Kelixun Communication Command and Dispatch Management Platform is a communication command and dispatch management platform from Kelixun, China. A command injection vulnerability exists in Kelixun Communication Command and Dispatch Management Platform version 1.0, which originates from os...
CVE-2022-41520
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function...
CVE-2022-34125
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a log/ pathname in the file parameter...
CVE-2022-29398
TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN0041309c...
CVE-2021-39433
A local file inclusion (LFI) vulnerability exists in BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user...
CVE-2021-24154
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the downloadfile function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd...