CVE-2022-3008 Command Injection on tinygltf
The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...
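To make the wordexp(3) behaviour behind this entry concrete, here is an added example; it is not tinygltf's code and `expand_path` is a hypothetical helper. It shows that a path containing backticks or `$(...)` is a command substitution as far as wordexp is concerned, and that the `WRDE_NOCMD` flag makes wordexp refuse such input with `WRDE_CMDSUB` instead of running it. Note that even with `WRDE_NOCMD`, wordexp still performs tilde, variable and glob expansion, so the robust fix for untrusted input is to not pass it through a shell-style expander at all.

```c
/* Added example, not part of tinygltf. Requires a POSIX libc (wordexp.h). */
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Hypothetical helper: expand `path` the way wordexp does and copy the
 * first resulting word into `out`.
 * Returns 0 on success, otherwise the wordexp error code
 * (WRDE_CMDSUB, WRDE_BADVAL, WRDE_SYNTAX, ...) or -1 if nothing came out.
 *
 * allow_cmd != 0 reproduces the unsafe call (flags = 0): backticks and
 * $(...) in `path` are executed by /bin/sh.
 * allow_cmd == 0 passes WRDE_NOCMD, so wordexp rejects command substitution
 * with WRDE_CMDSUB, and WRDE_UNDEF, so references to unset $VARS fail with
 * WRDE_BADVAL instead of silently expanding to nothing. */
int expand_path(const char *path, int allow_cmd, char *out, size_t outlen)
{
    wordexp_t we;
    int flags = allow_cmd ? 0 : (WRDE_NOCMD | WRDE_UNDEF);
    int rc = wordexp(path, &we, flags);
    if (rc != 0)
        return rc;              /* nothing to free on failure per POSIX */
    if (we.we_wordc < 1) {
        wordfree(&we);
        return -1;
    }
    snprintf(out, outlen, "%s", we.we_wordv[0]);
    wordfree(&we);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: a benign relative path from a model file,
     * and two attacker-shaped paths carrying command substitution. */
    const char *benign = "textures/diffuse.png";
    const char *bt = "`echo pwned`/model.bin";
    const char *dollar = "$(echo pwned)/model.bin";
    char buf[256];

    /* Hardened: command substitution is refused outright. */
    printf("safe   %-28s -> rc=%d\n", bt,     expand_path(bt,     0, buf, sizeof buf));
    printf("safe   %-28s -> rc=%d\n", dollar, expand_path(dollar, 0, buf, sizeof buf));
    if (expand_path(benign, 0, buf, sizeof buf) == 0)
        printf("safe   %-28s -> %s\n", benign, buf);

    /* Unsafe (flags = 0): the backtick command actually runs and its output
     * becomes part of the path, which is the CVE-2022-3008 pattern. */
    if (expand_path(bt, 1, buf, sizeof buf) == 0)
        printf("unsafe %-28s -> %s\n", bt, buf);   /* prints pwned/model.bin */
    return 0;
}
```

The test below exercises only the hardened branch; the unsafe branch in `main` is there so a reader can see the substituted output when running the program directly.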
Garage Management System Cross-Site Scripting Vulnerability
Garage Management System is a garage management system that helps you manage all your vehicles, cars and motorcycles. A cross-site scripting vulnerability exists in Garage Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the brandname...
CVE-2022-2638
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system, which is supposed to be the CSV file. This could allow high-privilege users to delete arbitrary files from the server...
PT-2022-23506 · Totolink · Totolink A950Rg
Name of the Vulnerable Software and Affected Versions: TOTOLINK A950RG version 4.1.2cu.5204 B20210112 Description: The issue concerns a hardcoded password for the root user located at /etc/shadow.sample. This could potentially allow unauthorized access to the system. Recommendations: For TOTOLINK...
CVE-2022-36696
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deletestockout...
CVE-2022-35175
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hiddenid parameter at /blotter/blotter.php...
JPEGDEC Security Vulnerability
JPEGDEC is a JPEG decoder optimized for Arduino by the individual developer Larry Bank. A security vulnerability exists in JPEGDEC that stems from a segmentation fault in the fseek module of the /src/jpeg.inl file...
CVE-2022-35426
UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file...
PT-2022-22819 · Ucms · Ucms
Name of the Vulnerable Software and Affected Versions: UCMS version 1.6 Description: The issue allows for arbitrary file upload via the ucms/sadmin/file PHP file. Recommendations: For version 1.6, consider restricting access to the ucms/sadmin/file PHP file to minimize the risk of exploitation...
CVE-2022-36302
File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information...
CVE-2022-36302
The CVE-2022-36302 entry concerns a file path traversal-like vulnerability in BF-OS versions 3.00–3.83. The issue allows an attacker to manipulate the file path to access other resources that may contain sensitive information. Affected component is the BF-OS path handling; the root cause is impr...
Bosch BF-OS Injection Vulnerability
Bosch BF-OS is an operating system from Bosch, Germany, that runs in 100% BF. An injection vulnerability exists in BF-OS versions 3.00 through 3.83, which stems from a file path manipulation flaw that allows an attacker to modify a file path to access different resources that may contain...
PT-2022-23297 · Bf-Os · Bf-Os
Name of the Vulnerable Software and Affected Versions: BF-OS versions 3.00 through 3.83 Description: The issue allows an attacker to modify the file path, potentially accessing different resources that may contain sensitive information. Recommendations: For BF-OS versions 3.00 through 3.83,...
CVE-2022-36918
Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2022-36913
Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2022-36908
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an...