3231 matches found

Positive Technologies
added 2023/02/25 12:0 a.m. · 4 views

PT-2023-20440 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 ZoneMinder versions prior to 1.37.33 Description: The issue concerns a Local File Inclusion vulnerability via the "web/ajax/modal.php" endpoint, where an arbitrary php file path can be passed in the reques...

9.8 CVSS · 7.3 AI score · 0.80462 EPSS
Exploits 28 · References 47

CNNVD
added 2023/02/24 12:0 a.m. · 3 views

MuYuCMS Path Traversal Vulnerability

MuYuCMS is a lightweight open source content management system. MuYuCMS version 2.2 has a path traversal vulnerability, which stems from improper handling of the parameter filepath, leading to path traversal...

6.5 CVSS · 5.3 AI score · 0.01011 EPSS
Exploits 1 · References 4

Positive Technologies
added 2023/02/24 12:0 a.m. · 5 views

PT-2023-16676 · Sourcecodester · Sourcecodester Alphaware Simple E-Commerce System

Name of the Vulnerable Software and Affected Versions: SourceCodester Alphaware Simple E-Commerce System version 1.0 Description: A critical vulnerability has been found in the Payment Handler component of the affected software, specifically in the file /alphaware/summary.php. The manipulation of...

6.5 CVSS · 6.7 AI score · 0.00913 EPSS
Exploits 1 · References 6

Positive Technologies
added 2023/02/24 12:0 a.m. · 2 views

PT-2023-16702 · Sourcecodester · Sourcecodester Online Hotel Reservation System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Boat Reservation System version 1.0 Description: A vulnerability has been found in the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The...

6.1 CVSS · 4.2 AI score · 0.00654 EPSS
Exploits 1 · References 7

Positive Technologies
added 2023/02/24 12:0 a.m. · 4 views

PT-2023-16679 · Muyucms · Muyucms

Name of the Vulnerable Software and Affected Versions: MuYuCMS version 2.2 Description: A problematic issue has been found in the processing of the file index.php, where the manipulation of the file path argument leads to path traversal. The attack can be initiated remotely. Recommendations: For...

6.5 CVSS · 7 AI score · 0.01011 EPSS
Exploits 1 · References 7

CNNVD
added 2023/02/21 12:0 a.m. · 3 views

InSTEDD Pollit Security Vulnerability

Pollit is an open source application from InSTEDD. It helps you utilize the convenience of SMS to poll your audience at your convenience. InSTEDD Pollit version 2.3.1 has a security vulnerability that stems from a problem with the function TourController in the file app/controllers/tourcontroller.rb...

9.8 CVSS · 6.8 AI score · 0.00744 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2023/02/21 12:0 a.m. · 6 views

The vulnerability of the keyUpload component in the Fortinet FortiNAC network access control solution allows an intruder to execute arbitrary code.

The vulnerability of the keyUpload component in the Fortinet FortiNAC network access control device is related to improper external management of file names or file paths. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially crafted HTTP...

10 CVSS · 8.3 AI score · 0.99815 EPSS
Exploits 7 · References 4 · Affected Software 1

Vulnrichment
added 2023/02/16 6:6 p.m. · 30 views

CVE-2022-39952

An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

9.8 CVSS · 7.8 AI score · 0.99815 EPSS
Exploits 7 · References 1

Cvelist
added 2023/02/16 6:6 p.m. · 47 views

CVE-2022-39952

An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

9.8 CVSS · 9.9 AI score · 0.99815 EPSS
Exploits 7 · References 1

Positive Technologies
added 2023/02/16 12:0 a.m. · 7 views

PT-2023-1417 · Fortinet · Fortinac

Name of the Vulnerable Software and Affected Versions: FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.7, 9.2.0 through 9.2.5, 9.4.0 Description: The issue is related to incorrect external control of file name or path...

9.8 CVSS · 9.1 AI score · 0.99815 EPSS
Exploits 7 · References 28

OSV
added 2023/02/15 2:15 p.m. · 4 views

CVE-2023-0840

A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has...

5.4 CVSS · 3.7 AI score · 0.00622 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:20 a.m. · 3 views

SUSE CVE-2004-0452

Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack...

2.6 CVSS · 9 AI score · 0.00406 EPSS
Exploits 0 · References 7

SUSE CVE
added 2023/02/15 6:18 a.m. · 5 views

SUSE CVE-2005-0448

Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452...

1.2 CVSS · 9.1 AI score · 0.00387 EPSS
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 6:13 a.m. · 4 views

SUSE CVE-2006-6373

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...

5 CVSS · 6.6 AI score · 0.01238 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:7 a.m. · 4 views

SUSE CVE-2008-2827

The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452...

4.6 CVSS · 9 AI score · 0.0085 EPSS
Exploits 2 · References 5

SUSE CVE
added 2023/02/15 6:6 a.m. · 4 views

SUSE CVE-2008-5302

Race condition in the rmtree function in File::Path 1.08 and 2.07 lib/File/Path.pm in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error...

6.9 CVSS · 9 AI score · 0.00332 EPSS
Exploits 2 · References 4

SUSE CVE
added 2023/02/15 6:6 a.m. · 6 views

SUSE CVE-2008-5303

Race condition in the rmtree function in File::Path 1.08 lib/File/Path.pm in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. ...

6.9 CVSS · 9 AI score · 0.00332 EPSS
Exploits 2 · References 3

SUSE CVE
added 2023/02/15 6:3 a.m. · 3 views

SUSE CVE-2009-1835

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with...

4.3 CVSS · 6.3 AI score · 0.02325 EPSS
Exploits 1 · References 5

SUSE CVE
added 2023/02/15 5:50 a.m. · 4 views

SUSE CVE-2011-3616

The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf...

6.3 CVSS · 6.7 AI score · 0.00424 EPSS
Exploits 1 · References 2

SUSE CVE
added 2023/02/15 5:42 a.m. · 5 views

SUSE CVE-2013-0180

Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds...

5.5 CVSS · 5.5 AI score · 0.00323 EPSS
Exploits 0 · References 3