826 matches found
CVE-2023-32986
Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...
Code injection
Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...
CVE-2023-32986
CVE-2023-32986 concerns the Jenkins File Parameter Plugin. Versions 285.v757c5b_67a_c25 and earlier allow attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system by supplying attacker-chosen content, due to an unrestricted Stashed File P...
Jenkins Plugin File Parameter security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-24119 · Jenkins · Jenkins File Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins File Parameter Plugin versions 285.v757c5b_67a_c25 and earlier Description: The issue allows attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...
PT-2023-20808 · Unknown · Caton Live +1
Name of the Vulnerable Software and Affected Versions: Caton Live versions up to 2023-04-26 Description: A critical issue affects the Mini HTTPD component, specifically the /cgi-bin/ping.cgi file. The manipulation of the address argument with the input ;id;uname$IFS-a leads to command injection...
PT-2023-22344 · Unknown · Antabot White-Jotter
Name of the Vulnerable Software and Affected Versions: Antabot White-Jotter version 0.2.2 Description: The issue allows remote attackers to execute malicious code via the file parameter to the coversUpload function. This enables attackers to upload malicious files, potentially leading to code...
Task Reminder System cross-site scripting vulnerability
Task Reminder System is a task reminder system. A cross-site scripting vulnerability exists in Task Reminder System version 1.0, which stems from a cross-site scripting (XSS) vulnerability in the parameter id of the file Users.php. No details of the vulnerability are available at this time...
PT-2023-22458 · Unknown · Spreadsheet-Reader
Name of the Vulnerable Software and Affected Versions: spreadsheet-reader version 0.5.11 Description: A Local File inclusion issue in test.php allows remote attackers to include arbitrary files via the File parameter. This could potentially lead to sensitive information disclosure or other securi...
spreadsheet-reader path traversal vulnerability
spreadsheet-reader is Nuovo's open source PHP spreadsheet reader. A security vulnerability exists in spreadsheet-reader version 0.5.11, which stems from a local file inclusion vulnerability that allows remote attackers to include arbitrary files via the File parameter...
CVE-2022-34125
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a log/ pathname in the file parameter...
CVE-2023-27650
An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONTFILE parameter...
PT-2023-2509 · Ftp Admin · Ftp Admin
Name of the Vulnerable Software and Affected Versions: tpAdmin version 1.3.12 Description: The issue affects the Upload function of the file applicationadmincontrollerUpload.php. The manipulation of the file argument leads to unrestricted upload. The attack may be initiated remotely. This allows ...
APUS Launcher security vulnerability
APUS Launcher is an application from Kirin Hesheng Technology APUS, a company based in Beijing, China. It automatically sorts your apps by category on the home screen so that you can quickly and easily find the apps you want. A security vulnerability exists in APUS Launcher versions v.3.10.73 and v.3.10.88, whic...
PT-2023-21284 · Apus · Apus Group Launcher
Name of the Vulnerable Software and Affected Versions: APUS Group Launcher versions 3.10.73 through 3.10.88 Description: An issue in the APUS Group Launcher allows a remote attacker to execute arbitrary code via the FONT FILE parameter. Recommendations: For versions 3.10.73 and 3.10.88, consider...
CVE-2020-19678
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricatalogsbrowser.php...