
826 matches found

NVD · added 2023/03/27 10:15 p.m. · 23 views

CVE-2023-28102

discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...

CVSS 9.6 · AI score 9.1 · EPSS 0.02546 · Exploits 1 · References 2

OSV · added 2023/03/27 6:15 a.m. · 2 views

CVE-2022-32199

dbconvert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter...

CVSS 6.5 · AI score 5.8 · EPSS 0.01664 · Exploits 2 · References 2

CNNVD · added 2023/03/27 12:00 a.m. · 2 views

discordrb operating system command injection vulnerability

discordrb is a Shard Lab developer's personal repository implementing the Discord API in Ruby. discordrb suffers from an operating system command injection vulnerability that stems from the encoder.rb file insecurely constructing a shell string using the file parameter, which leaves the...

CVSS 9.6 · AI score 8.3 · EPSS 0.02546 · Exploits 1 · References 3

Positive Technologies · added 2023/03/27 12:00 a.m. · 2 views

PT-2023-21560 · Discordrb · Discordrb

Name of the Vulnerable Software and Affected Versions: discordrb versions prior to commit 91e13043ffa. Description: The discordrb library, an implementation of the Discord API using Ruby, has a command injection issue due to the unsafe construction of a shell string using the file parameter in the...

CVSS 9.6 · AI score 9.6 · EPSS 0.02546 · Exploits 1 · References 9

NVD · added 2023/03/10 9:15 p.m. · 14 views

CVE-2023-27903

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to...

CVSS 4.4 · AI score 6.7 · EPSS 0.00244 · Exploits 0 · References 1

OSV · added 2023/03/10 9:15 p.m. · 24 views

CVE-2023-27903

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to...

CVSS 4.4 · AI score 6.9 · Exploits 0 · References 1

Prion · added 2023/03/10 9:15 p.m. · 21 views

Design/Logic Flaw

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to...

CVSS 3.2 · AI score 6.5 · EPSS 0.00244 · Exploits 0 · References 1 · Affected Software 1

CVE · added 2023/03/08 5:14 p.m. · 464 views

CVE-2023-27903

CVE-2023-27903 affects Jenkins/Jenkins-2-plugins. The connected documents describe it as "Temporary file parameter created with insecure permissions", enabling a local attacker with access to the controller's filesystem to read/write the temporary file before it is used. Red Hat advisories (RHSA-...

CVSS 4.4 · AI score 4.7 · EPSS 0.00244 · Exploits 0 · References 1 · Affected Software 1

NVD · added 2023/02/27 2:15 p.m. · 13 views

CVE-2021-32302

Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows an attacker to obtain sensitive information via the Upload File parameter...

CVSS 6.1 · AI score 5.9 · EPSS 0.00568 · Exploits 1 · References 3

Prion · added 2023/02/27 2:15 p.m. · 12 views

Cross site scripting

Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows an attacker to obtain sensitive information via the Upload File parameter...

CVSS 5.8 · AI score 5.9 · EPSS 0.00568 · Exploits 1 · References 3

CNNVD · added 2023/02/27 12:00 a.m. · 3 views

iRZ Mobile Routers cross-site scripting vulnerability

iRZ Mobile Routers is a series of mobile routers from the Russian company iRZ. A security vulnerability exists in iRZ Mobile Routers; an attacker could use it to obtain sensitive information via the Upload File parameter...

CVSS 6.1 · AI score 6.3 · EPSS 0.00568 · Exploits 1 · References 4

CNNVD · added 2023/02/20 12:00 a.m. · 4 views

GNU Emacs command injection vulnerability

GNU Emacs is a family of text editors from the American GNU community. A security vulnerability exists in GNU Emacs version 28.2 and earlier, caused by the file parameter and the srcdir parameter not being escaped. An attacker can exploit this vulnerability to execute arbitrary commands...

CVSS 7.8 · AI score 7.8 · EPSS 0.01176 · Exploits 0 · References 11

SUSE CVE · added 2023/02/15 5:57 a.m. · 3 views

SUSE CVE-2010-3447

Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a viewfile action...

CVSS 4.3 · AI score 5.9 · EPSS 0.01788 · Exploits 1 · References 3

SUSE CVE · added 2023/02/15 5:45 a.m. · 3 views

SUSE CVE-2012-3551

Cross-site scripting (XSS) vulnerability in crowbarframework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils...

CVSS 4.3 · AI score 6.1 · EPSS 0.03321 · Exploits 1 · References 3

SUSE CVE · added 2023/02/15 4:42 a.m. · 3 views

SUSE CVE-2017-11630

dapur\apps\appconfig\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853...

CVSS 7.5 · AI score 7.3 · EPSS 0.01773 · Exploits 0 · References 3

SUSE CVE · added 2023/02/15 4:13 a.m. · 3 views

SUSE CVE-2019-10352

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...

CVSS 6.5 · AI score 6.6 · EPSS 0.10225 · Exploits 1 · References 3

SUSE CVE · added 2023/02/15 4:05 a.m. · 1 view

SUSE CVE-2019-20378

ganglia-web aka Ganglia Web Frontend through 3.7.5 allows XSS via the header.php ce parameter...

CVSS 7.1 · AI score 6.3 · EPSS 0.01014 · Exploits 1 · References 7

CNNVD · added 2023/02/06 12:00 a.m. · 4 views

Online Food Ordering System cross-site scripting vulnerability

Online Food Ordering System is an online food ordering system. A cross-site scripting vulnerability exists in Online Food Ordering System, caused by a lack of effective filtering and escaping of user-supplied data in the page parameter of the index.php page, which can be exploited by attacke...

CVSS 6.1 · AI score 6.1 · EPSS 0.00486 · Exploits 1 · References 3

Prion · added 2023/02/03 4:15 p.m. · 16 views

Command injection

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function...

CVSS 7.5 · AI score 9.8 · EPSS 0.01799 · Exploits 1 · References 1 · Affected Software 1

OSV · added 2023/01/18 9:15 p.m. · 3 views

CVE-2022-45928

A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes OScript...

CVSS 8.8 · AI score 6 · EPSS 0.01743 · Exploits 3 · References 3
