825 matches found

OSV
added 2021/01/07 2:15 p.m. · 3 views

CVE-2021-3029

EVOLUCARE ECSIMAGING aka ECS Imaging through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no longer...

9.8 CVSS · 7.3 AI score · 0.03022 EPSS
Exploits 0 · References 2

Cvelist
added 2021/01/07 1:55 p.m. · 13 views

CVE-2021-3029

EVOLUCARE ECSIMAGING aka ECS Imaging through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no longer...

10 AI score · 0.03022 EPSS
Exploits 0 · References 2

Positive Technologies
added 2021/01/07 12:0 a.m. · 3 views

PT-2021-18698 · Evolucare · Evolucare Ecsimaging

Name of the Vulnerable Software and Affected Versions: EVOLUCARE ECSIMAGING aka ECS Imaging versions 6.21.5 and earlier. Description: The issue is related to an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The file parameter on the webpage "/showfile.php" ca...

10 CVSS · 7.6 AI score · 0.03022 EPSS
Exploits 0 · References 5

VulnCheck KEV
added 2020/11/22 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2015-2067

Directory traversal vulnerability in web/ajaxpluginconf.php in the MAGMI aka Magento Mass Importer plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...

5 CVSS · 7.4 AI score · 0.39424 EPSS
Exploits 1 · References 1

VulnCheck KEV
added 2020/09/20 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2008-4873

board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a downfile action...

10 CVSS · 6.1 AI score · 0.04889 EPSS
Exploits 0 · References 1

Packet Storm
added 2020/09/16 12:0 a.m. · 477 views

Piwigo 2.10.1 Cross Site Scripting

Exploit Title: Piwigo 2.10.1 - Cross Site Scripting POC by: Iridium Software Homepage: http://www.piwigo.org Version : 2.10.1 Tested on: Linux & Windows Category: webapps Google Dork: intext: "Powered by Piwigo" CVE : CVE-2020-9467 Description Piwigo 2.10.1 has stored XSS via the file parameter i...

3.5 CVSS · 5.5 AI score · 0.23822 EPSS
Exploits 2

OSV
added 2020/08/24 3:15 p.m. · 2 views

CVE-2020-19890

DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php: $_GET['file'] is the filename, and as there is no filter function for security, you can read any file's content...

4.9 CVSS · 5.8 AI score · 0.0092 EPSS
Exploits 1 · References 1

OSV
added 2020/05/09 7:15 p.m. · 1 view

CVE-2020-12764

Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal...

5.3 CVSS · 5.8 AI score · 0.01323 EPSS
Exploits 1 · References 1

OSV
added 2020/05/07 5:15 p.m. · 15 views

CVE-2020-7646

curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input...

9.8 CVSS · 9.4 AI score
Exploits 0 · References 2

NVD
added 2020/05/07 5:15 p.m. · 15 views

CVE-2020-7646

curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input...

9.8 CVSS · 9.5 AI score · 0.01884 EPSS
Exploits 1 · References 2

Prion
added 2020/05/07 5:15 p.m. · 16 views

Input validation

curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input...

7.5 CVSS · 9.4 AI score · 0.01884 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2020/05/07 4:34 p.m. · 18 views

CVE-2020-7646

curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input...

9.5 AI score · 0.01884 EPSS
Exploits 1 · References 2

Positive Technologies
added 2020/05/07 12:0 a.m. · 2 views

PT-2020-2729

Name of the Vulnerable Software and Affected Versions: curlrequest versions 1.0.0 through 1.0.1. Description: The issue allows for the execution of arbitrary commands by injecting commands using a semicolon character in any of the options values. This can enable a remote attacker to execute arbitrar...

9.8 CVSS · 7.7 AI score · 0.01884 EPSS
Exploits 1 · References 10

OSV
added 2020/04/24 12:15 a.m. · 1 view

CVE-2020-12130

The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function...

6.1 CVSS · 5.8 AI score · 0.00686 EPSS
Exploits 2 · References 1

OSV
added 2020/03/26 8:15 p.m. · 9 views

CVE-2020-9467

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function...

5.4 CVSS · 5.5 AI score
Exploits 0 · References 2

NVD
added 2020/03/26 8:15 p.m. · 11 views

CVE-2020-9467

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function...

5.4 CVSS · 5.2 AI score · 0.23822 EPSS
Exploits 2 · References 2

Cvelist
added 2020/03/26 7:9 p.m. · 15 views

CVE-2020-9467

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function...

5.2 AI score · 0.23822 EPSS
Exploits 2 · References 2

Positive Technologies
added 2020/03/25 12:0 a.m. · 3 views

PT-2020-2654 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.227 and earlier; Jenkins LTS versions 2.204.5 and earlier. Description: The issue is related to the absence of HTTP Content-Security-Policy headers for files uploaded as file parameters to a build. This results in a stored...

5.5 CVSS · 6.3 AI score · 0.01159 EPSS
Exploits 0 · References 13

OSV
added 2020/03/12 2:15 p.m. · 3 views

CVE-2020-10387

Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file...

4.9 CVSS · 5.8 AI score · 0.07844 EPSS
Exploits 5 · References 4

Zero Day Initiative
added 2020/01/03 12:0 a.m. · 27 views

Cisco Data Center Network Manager AFW Image Upload Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

7.2 CVSS · 4.4 AI score · 0.14322 EPSS
Exploits 0 · References 1