826 matches found

Positive Technologies
added 2024/08/13 12:0 a.m. · 4 views

PT-2024-38551 · Wanglongcn · Ltcms

Name of the Vulnerable Software and Affected Versions: wanglongcn ltcms version 1.0.20 Description: A critical issue has been found, affecting the downloadUrl function of the /api/file/downloadUrl API Endpoint. The manipulation of the file argument leads to server-side request forgery, which can ...

9.8 CVSS · 7.3 AI score · 0.00824 EPSS
Exploits: 1 · References: 8

CNNVD
added 2024/08/13 12:0 a.m. · 3 views

Wanglong LTcms Path Traversal Vulnerability

Wanglong LTcms is an enterprise website builder from China NetDragon Wanglong. A path traversal vulnerability exists in Wanglong LTcms version 1.0.20, which stems from an incorrect operation of the parameter file that can lead to path traversal...

6.9 CVSS · 5.5 AI score · 0.00945 EPSS
Exploits: 1 · References: 5

IBM Security Bulletins
added 2024/08/12 11:9 a.m. · 21 views

Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a vulnerability in its dependencies

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to Unix File Parameter Alteration Vulnerability Details CVEID:CVE-2020-3452 DESCRIPTION: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software could allow a remote...

7.5 CVSS · 7.4 AI score · 0.99992 EPSS
Exploits: 24 · Affected Software: 1

BDU FSTEC
added 2024/08/09 12:0 a.m. · 3 views

The vulnerability of the UploadCustomModule (/cgi-bin/cstecgi.cgi) function in the TOTOLINK A3300R router software allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the UploadCustomModule /cgi-bin/cstecgi.cgi function in the TOTOLINK A3300R router microprogramming software arises due to an overflow of the buffer on the stack during the processing of the File parameter. Exploiting this vulnerability allows a malicious actor to compromise...

9 CVSS · 7.9 AI score · 0.01203 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

CNNVD
added 2024/08/07 12:0 a.m. · 3 views

Alien ALR-F800 Operating System Command Injection Vulnerability

The Alien ALR-F800 is an RFID sensor from Alien. An operating system command injection vulnerability exists in the Alien ALR-F800 version 19.10.24.00 and prior versions, which stems from the uploadedFile parameter in the /admin/system.html file containing an operating system command injection...

9.8 CVSS · 6.9 AI score · 0.08894 EPSS
Exploits: 1 · References: 5

CNNVD
added 2024/08/07 12:0 a.m. · 3 views

Alien ALR-F800 Operating System Command Injection Vulnerability

The Alien ALR-F800 is an RFID sensor from Alien. An operating system command injection vulnerability exists in the Alien ALR-F800 version 19.10.24.00 and prior versions, which stems from an operating system command injection vulnerability contained in the uploadedFile parameter in the File Name...

8.8 CVSS · 6.8 AI score · 0.08379 EPSS
Exploits: 1 · References: 5

BDU FSTEC
added 2024/08/07 12:0 a.m. · 2 views

The vulnerability of the hfy-istext-command function in the EMACS text editor allows a hacker to execute arbitrary code.

The vulnerability of the hfy-istext-command function in the EMACS text editor is related to improper escaping of output data. Exploiting this vulnerability allows an attacker to execute arbitrary code using the parameters “file” and “srcdir”...

7.8 CVSS · 7.7 AI score · 0.01176 EPSS
Exploits: 0 · References: 9 · Affected Software: 7

CNNVD
added 2024/08/05 12:0 a.m. · 3 views

TOTOLINK CP900 Security Vulnerability

The TOTOLINK CP900 is a wireless router. The TOTOLINK CP900 suffers from a buffer overflow vulnerability that stems from improper handling of the File parameter in the UploadCustomModule function of the file /cgi-bin/cstecgi.cgi. An attacker can use this vulnerability to cause a crash of the...

9.8 CVSS · 7.8 AI score · 0.10978 EPSS
Exploits: 1 · References: 5

OSV
added 2024/08/01 12:15 a.m. · 1 view

CVE-2024-7331

A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The explo...

8.8 CVSS · 7.7 AI score
Exploits: 0 · References: 4

Positive Technologies
added 2024/07/21 12:0 a.m. · 2 views

PT-2024-5476 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: A critical issue was found in the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file, which can be exploited remotely. The manipulation of the File argument leads to a buff...

9 CVSS · 8.9 AI score · 0.01203 EPSS
Exploits: 1 · References: 8

CNNVD
added 2024/07/05 12:0 a.m. · 4 views

D-Link DAR-7000 Code Issue Vulnerability

DAR-7000 is an Internet Behavior Audit Gateway from China AUO D-Link. AUO Electronic Devices Shanghai Co. A code issue vulnerability exists in the DAR-7000, which stems from the file parameter of /log/decodmail.php being able to deserialize certain content. No details of the vulnerability are...

8.8 CVSS · 7 AI score · 0.0308 EPSS
Exploits: 1 · References: 6

Vulnrichment
added 2024/06/27 6:45 p.m. · 12 views

CVE-2024-5936 Open Redirect in imartinez/privategpt

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...

4.3 CVSS · 7 AI score · 0.28925 EPSS
Exploits: 1 · References: 1

CNNVD
added 2024/06/27 12:0 a.m. · 3 views

PrivateGPT Input Validation Error Vulnerability

PrivateGPT is an AI project. An input validation error vulnerability exists in PrivateGPT version 0.5.0 that stems from mishandling of the file parameter, allowing an attacker to redirect a user to a URL specified by user-controlled input without proper validation or cleanup...

6.1 CVSS · 6.7 AI score · 0.28925 EPSS
Exploits: 1 · References: 2

OSV
added 2024/06/20 2:15 a.m. · 5 views

CVE-2024-3597

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rcexportedzipfile parameter. This makes it possible for unauthenticated attackers to...

6.1 CVSS · 5.8 AI score · 0.00332 EPSS
Exploits: 0 · References: 2

NVD
added 2024/06/13 7:15 p.m. · 16 views

CVE-2024-37631

TOTOLINK A3700R V9.1.2u.616520211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule...

8.8 CVSS · 0.00614 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2024/06/13 12:0 a.m. · 18 views

CVE-2024-37631

TOTOLINK A3700R V9.1.2u.616520211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule...

7.8 AI score · 0.00614 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/06/13 12:0 a.m. · 3 views

PT-2024-27686 · Totolink · Totolink A3700R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.6165 20211012 Description: The issue is related to a stack overflow that occurs via the File parameter in the UploadCustomModule function. This allows for potential exploitation. Recommendations: For TOTOLINK...

8.8 CVSS · 7.3 AI score · 0.00614 EPSS
Exploits: 1 · References: 5

Tenable Nessus
added 2024/05/27 12:0 a.m. · 19 views

IRZ RUH2 Cross-site Scripting (CVE-2021-32302)

Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable...

6.1 CVSS · 6.4 AI score · 0.00568 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2024/05/26 12:0 a.m. · 3 views

PT-2024-35881 · Sourcecodester · Itsourcecode Vehicle Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Vehicle Management System version 1.0 Description: A critical issue has been found, affecting an unknown part of the file /newvehicle.php. The manipulation of the file argument leads to unrestricted upload. It is possible to...

9.8 CVSS · 7.1 AI score · 0.00935 EPSS
Exploits: 1 · References: 7

Cvelist
added 2024/05/20 5:32 p.m. · 29 views

CVE-2024-34193

smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading...

6.7 AI score · 0.00623 EPSS
Exploits: 1 · References: 1