Likeshop Code Issue Vulnerability
Likeshop is a complete open-source solution for social commerce. A code issue vulnerability exists in Likeshop 2.5.7.20210311 and earlier versions, which stems from the file parameter in server/application/api/controller/File.php and can lead to unrestricted uploa...
Inis security breach
Inis is a web application. A security vulnerability exists in Inis version 2.0.1, which stems from the path parameter in /app/api/controller/default/File.php and causes path traversal...
PT-2023-8291 · Unknown · Code-Projects Qr Code Generator
Name of the Vulnerable Software and Affected Versions: code-projects QR Code Generator version 1.0 Description: A problem exists in the code-projects QR Code Generator due to inadequate protection of the web page structure. This issue can be exploited by a remote attacker to conduct a cross-site...
Stupid Simple CMS Authorization Issues Vulnerability
Stupid Simple CMS is a content management system for codelyfe individual developers. Stupid Simple CMS 1.2.4 and earlier versions have an authorization issue vulnerability that stems from the file parameter in /file-manager/delete.php, which causes incorrect authentication...
VulnCheck KEV: CVE-2023-4634
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php...
CVE-2021-35975
Absolute path traversal vulnerability in the Systematica SMTP Adapter component up to v2.0.1.101 in Systematica Radius up to v.3.9.256.777 allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter u...
VulnCheck KEV: CVE-2017-15363
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter...
Jenkins: Temporary file parameter created with insecure permissions
A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...
CVE-2023-36955
TOTOLINK CP300+ =V5.2cu.7594B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule...
Stack overflow
TOTOLINK X5000R V9.1.0u.6118B20201102 and TOTOLINK A7000R V9.1.0u.6115B20201022 were discovered to contain a stack overflow via the File parameter in the function UploadCustomModule...
PT-2023-25749 · Totolink · Totolink X5000R +1
Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0u.6118 B20201102 TOTOLINK A7000R version 9.1.0u.6115 B20201022 Description: A stack overflow issue was discovered via the File parameter in the UploadCustomModule function. This issue affects the specified version...
CVE-2023-36947
TOTOLINK X5000R V9.1.0u.6118B20201102 and TOTOLINK A7000R V9.1.0u.6115B20201022 were discovered to contain a stack overflow via the File parameter in the function UploadCustomModule...
TOTOLINK CP300+ Buffer Error Vulnerability
The TOTOLINK CP300+ is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK CP300+ version V5.2cu.7594B20200910 and prior versions, which originates from a stack overflow contained in the File parameter of the function UploadCustomModule...
PT-2023-25755 · Totolink · Totolink Cp300+
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP300+ versions = V5.2cu.7594 B20200910 Description: A stack overflow issue was discovered in the UploadCustomModule function via the File parameter. Recommendations: For TOTOLINK CP300+ versions = V5.2cu.7594 B20200910, consider...
CVE-2023-36947
Totolink X5000R (v9.1.0u.6118_B20201102) and TOTOLINK A7000R (v9.1.0u.6115_B20201022) contain a stack overflow in the UploadCustomModule function, exploitable via the File parameter. Multiple sources attribute high-severity impact (potential arbitrary code execution or denial of service) to this ...
PT-2023-6718 · Ilias · Ilias
Name of the Vulnerable Software and Affected Versions: ILIAS version 2013-09-12 Description: The issue is a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this ...
CVE-2023-3512
Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter...