3231 matches found

OSV
added 2024/08/27 1:15 p.m. · 5 views

CVE-2024-3980

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application...

8.8 CVSS · 5.8 AI score · 0.00611 EPSS
Exploits: 0 · References: 1

Veracode
added 2024/08/27 9:0 a.m. · 8 views

Improper File Path Handling

unzip-stream is vulnerable to Improper File Path Handling. The vulnerability is due to the Extract method allowing malicious zip files to write to unauthorized paths...

7 AI score
Exploits: 0

OSV
added 2024/08/26 4:15 p.m. · 2 views

CVE-2024-41285

A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path...

9.8 CVSS · 6.1 AI score · 0.01057 EPSS
Exploits: 1 · References: 3

CNNVD
added 2024/08/26 12:0 a.m. · 2 views

FAST FW300R Security Vulnerability

FAST FW300R is a wireless router from the Chinese company FAST. A security vulnerability exists in FAST FW300R v1.3.13, which stems from the presence of a stack overflow that could allow an attacker to execute arbitrary code or cause a denial of service (DoS) via a crafted file path...

9.8 CVSS · 7.7 AI score · 0.01057 EPSS
Exploits: 1 · References: 4

Vulnrichment
added 2024/08/26 12:0 a.m. · 13 views

CVE-2024-41285

A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path...

8.1 AI score · 0.01057 EPSS
Exploits: 1 · References: 3

Cvelist
added 2024/08/26 12:0 a.m. · 26 views

CVE-2024-41285

A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path...

0.01057 EPSS
Exploits: 1 · References: 3

CVE
added 2024/08/26 12:0 a.m. · 60 views

CVE-2024-41285

Summary: CVE-2024-41285 affects FAST FW300R (v1.3.13 Build 141023 Rel.61347n). A stack overflow in the vulnerable path handling could allow an attacker to execute arbitrary code or cause a DoS. The CVE is rated critical (CVSS v3.1: 9.8) with network access, no user interaction required. Affected ...

9.8 CVSS · 8.2 AI score · 0.01057 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

NVD
added 2024/08/20 4:15 a.m. · 38 views

CVE-2024-7782

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it...

8.7 CVSS · 0.00915 EPSS
Exploits: 0 · References: 2

Cvelist
added 2024/08/20 3:21 a.m. · 32 views

CVE-2024-7777 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary File Read And Deletion

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. This makes i...

9 CVSS · 0.01025 EPSS
Exploits: 0 · References: 5

CVE
added 2024/08/20 3:21 a.m. · 57 views

CVE-2024-7777

CVE-2024-7777 affects WordPress Bit Form plugin (2.0–2.13.9). Insufficient file-path validation in multiple functions allows authenticated Administrators+ to read and delete arbitrary server files (e.g., wp-config.php), potentially enabling remote code execution. Patch available in version 2.13.1...

9 CVSS · 9.2 AI score · 0.01025 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

CNNVD
added 2024/08/20 12:0 a.m. · 3 views

WordPress plugin Contact Form by Bit Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...

8.7 CVSS · 6.6 AI score · 0.00915 EPSS
Exploits: 0 · References: 3

OSV
added 2024/08/19 6:15 p.m. · 8 views

CVE-2024-7925

A vulnerability was found in ZZCMS 2023. It has been rated as problematic. This issue affects some unknown processing of the file 3/Ebak5.1/upload/eginfo.php. The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosure. The attack may be initiated remotely. T...

7.5 CVSS · 4.9 AI score
Exploits: 0 · References: 4

Positive Technologies
added 2024/08/19 12:0 a.m. · 4 views

PT-2024-38714 · Unknown · Sourcecodester Online Graduate Tracer System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Graduate Tracer System versions up to 1.0
Description: A critical vulnerability was found in the SourceCodester Online Graduate Tracer System, affecting an unknown function of the file /tracking/admin/fetch genderit.php...

8.8 CVSS · 7.4 AI score · 0.0054 EPSS
Exploits: 1 · References: 12

Positive Technologies
added 2024/08/15 12:0 a.m. · 3 views

PT-2024-38628 · Sourcecodester · Sourcecodester Yoga Class Registration System

Name of the Vulnerable Software and Affected Versions: SourceCodester Yoga Class Registration System version 1.0
Description: A critical issue has been discovered, affecting the Add User Handler component, specifically the file /classes/Users.php?f=save. This issue leads to improper authorization...

9.8 CVSS · 6.5 AI score · 0.00591 EPSS
Exploits: 1 · References: 8

CNNVD
added 2024/08/13 12:0 a.m. · 2 views

TOTOLINK X5000R OS Command Injection Vulnerability

The TOTOLINK X5000r is a wireless router manufactured by TOTOLINK. TOTOLINK X5000r has a command injection vulnerability in version 9.1.0cu.2350b20230313. The vulnerability arises because the setAccessDeviceCfg function within the /cgi-bin/cstecgi.cgi file fails to properly validate or clean up...

8.8 CVSS · 8.3 AI score · 0.01661 EPSS
Exploits: 1 · References: 2

OSV
added 2024/08/07 7:57 p.m. · 4 views

CLSA-2024-1723060627 tomcat: Fix of CVE-2021-25329

Fix file path bug introduced by the CVE-2021-25329 fix...

7 CVSS · 6.8 AI score · 0.09491 EPSS
Exploits: 15 · References: 1

OSV
added 2024/08/04 11:15 p.m. · 1 views

CVE-2024-7460

A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /changepassword.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The...

8.8 CVSS · 4.7 AI score
Exploits: 0 · References: 4

CNNVD
added 2024/08/01 12:0 a.m. · 3 views

TOTOLINK EX1200L Security Vulnerability

TOTOLINK EX1200L is a dual-band wireless signal amplifier launched by China Gion Electronics, which is mainly used to extend Wi-Fi coverage. TOTOLINK EX1200L suffers from a buffer overflow vulnerability, which originates from the parameter week/sTime/eTime in the file /cgi-bin/cstecgi.cgi that ca...

9 CVSS · 7.2 AI score · 0.01203 EPSS
Exploits: 1 · References: 5

OSV
added 2024/07/31 3:15 a.m. · 1 views

CVE-2024-7284

A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=savesettings. The manipulation of the argument about leads to cross site scripting. It is possible to initiate t...

5.4 CVSS · 4 AI score
Exploits: 0 · References: 4

CNNVD
added 2024/07/31 12:0 a.m. · 3 views

ChuanhuChatGPT Security Vulnerability

ChuanhuChatGPT is an application by the individual developer Chuan Hu. It provides a fast and easy-to-use web graphical interface and many additional features for many LLMs such as ChatGPT. A security vulnerability exists in ChuanhuChatGPT version 20240410, which stems from improper file path...

9.1 CVSS · 6.5 AI score · 0.13092 EPSS
Exploits: 1 · References: 2