826 matches found
CVE-2020-22987
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task...
TOTOLINK N600R Buffer Overflow Vulnerability (CNVD-2022-50669)
TOTOLINK N600R is a wireless router from Taiwan, China-based Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK N600R V4.3.0cu.7647_B20210106, which stems from a lack of length validation of the File parameter in the FUN_0041309c function. An attacker could exploit this...
CMSimple_XH Code Execution Vulnerability
CMSimple_XH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimple_XH suffers from a code execution vulnerability that can be exploited by an attacker to upload a PHP load using the File parameter to gain privileges from a...
CVE-2022-29398
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c...
Stack overflow
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c...
CVE-2022-29398
CVE-2022-29398 affects TOTOLINK N600R V4.3.0cu.7647_B20210106. The vulnerability is a stack overflow in the function FUN_0041309c caused by lack of length validation of the File parameter. Impact per sources is a buffer overflow that could be exploited remotely over the network; CVSS metrics indi...
TOTOLINK N600R Buffer Error Vulnerability
TOTOLINK N600R is a wireless router from Taiwan, China-based Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK N600R V4.3.0cu.7647_B20210106, which stems from a lack of length validation of the File parameter in the FUN_0041309c function. An attacker could exploit this...
CMSimple Code Issue Vulnerability
CMSimple_XH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimple_XH suffers from a code execution vulnerability that can be exploited by an attacker to upload a PHP load using the File parameter to gain privileges from a...
PT-2022-13669 · WordPress · Simple File List
Name of the Vulnerable Software and Affected Versions: Simple File List WordPress plugin versions up to and including 3.2.7. Description: The issue allows unauthenticated attackers to download arbitrary files due to missing controls in the eeFile parameter found in the /includes/ee-downloader.php...
PT-2022-18973 · Reprise · Reprise License Manager
Name of the Vulnerable Software and Affected Versions: Reprise License Manager version 14.2. Description: The issue is a reflected cross-site scripting (XSS) vulnerability in the "/goform/rlmswitchr process" file parameter via GET. Authentication is required to exploit this issue. Recommendations: F...
Remote code execution
A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability...
CVE-2021-44608
Multiple Cross Site Scripting (XSS) vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php...
BloofoxCms Cross-Site Scripting Vulnerability
BloofoxCms is a PHP-based text content management system from alexlang24, a personal developer. bloofoxCMS suffers from a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output data in the file and type parameters in index.php. An attacker...
GHSA-673J-QM5F-XPV8 pgjdbc Arbitrary File Write Vulnerability
Overview: The connection properties for configuring a pgjdbc connection are not meant to be exposed to an unauthenticated attacker. While allowing an attacker to specify arbitrary connection properties could lead to a compromise of a system, that's a defect of an application that allows...
CVE-2021-46427
An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php...
CVE-2022-22851
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Hospital's Patient Records Management System 1.0 via the specialization parameter in doctors.php...
Directory traversal
Specially-crafted command line arguments can lead to arbitrary file deletion. The handledelete function does not attempt to sanitize or otherwise validate the contents of the file parameter passed to the function as argv1, allowing an authenticated attacker to supply directory traversal primitive...