Engineers Online Portal Code Issue Vulnerability
Engineers Online Portal is an open source online portal. It is developed using PHP, a MySQL database, HTML, CSS, JavaScript, jQuery, Ajax, Bootstrap and some other libraries. A code issue vulnerability exists in SourceCodester Engineers Online Portal, which stems from an unrestricted upload due to...
PT-2023-23429 · Fuxa · Fuxa
Name of the Vulnerable Software and Affected Versions: FUXA versions 1.1.12 and earlier Description: The issue is related to a Local File Inclusion vulnerability. It can be exploited via the file parameter, specifically by accessing the fuxa.log file. Recommendations: For versions 1.1.12 and...
Directory traversal
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could...
PT-2023-28284 · WordPress · Orders Tracking For Woocommerce
Name of the Vulnerable Software and Affected Versions: Orders Tracking for WooCommerce WordPress plugin version 1.2.5 and earlier Description: The issue allows high privilege users with the manage woocommerce capability to access any file on the web server via a Traversal attack when importing a...
D-Link DAR-8000 Operating System Command Injection Vulnerability
D-Link DAR-8000 is an Internet Behavior Audit Gateway from D-Link (China). The D-Link DAR-8000-10 suffers from an operating system command injection vulnerability that originates from the file parameter of /log/decodmail.php failing to correctly filter specially constructed command characters,...
CVE-2022-31200
Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field...
PT-2023-26497 · Openrapid · Openrapid Rapidcms
Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS versions up to 1.3.1 Description: A critical issue affects the file /admin/upload.php, where the manipulation of the file argument leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...
CVE-2023-34835
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable deletefile parameter...
MicroWorld Technologies eScan Management Console Cross-Site Scripting Vulnerability
MicroWorld Technologies eScan Management Console is an eScan management console from MicroWorld Technologies, Inc. A cross-site scripting vulnerability exists in Microworld Technologies eScan Management console version v.14.0.1400.2281, which originates from a vulnerability that allows remote...
Jenkins: Temporary file parameter created with insecure permissions
A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...
PT-2023-23774 · Otcms · Otcms
Name of the Vulnerable Software and Affected Versions: OTCMS versions up to 6.62 Description: A vulnerability has been found in an unknown functionality of the file usersNews deal.php. The manipulation of the file argument leads to path traversal, specifically '../filedir'. Recommendations: For...
CVE-2023-22586
The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter...
PT-2023-18571 · Danfoss · Danfoss Ak-Em100
Name of the Vulnerable Software and Affected Versions: Danfoss AK-EM100 affected versions not specified Description: The issue concerns Local File Inclusion in the file parameter of the web application. This allows for potential access to sensitive files on the system. Recommendations: At the...
Danfoss AK-EM100 Web Applications Information Disclosure Vulnerability
Danfoss AK-EM100 web applications are web applications from Danfoss, Denmark. They provide a web-based graphical user interface to the store that allows a range of everyday users to locally or remotely monitor data, alarms, and reports on all of their refrigeration equipment. A security...
GHSA-46F2-X6H2-X9HX Jenkins File Parameter Plugin arbitrary file write vulnerability
Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters. This allows attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specifi...
CVE-2023-32986
Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...