
3230 matches found

OSV
added 2022/07/13 9:15 p.m. · 2 views

CVE-2022-34765

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...

5.3 CVSS · 5.8 AI score
Exploits 0 · References 1
CNVD
added 2022/07/13 12:0 a.m. · 16 views

chainerrl-visualizer path traversal vulnerability

chainerrl-visualizer is Chainer's open source way to visually analyze the behavior of ChainerRL agents to make debugging easier. chainerrl-visualizer suffers from a path traversal vulnerability that stems from a failure of the Flask sendfile function to properly filter the resource or file path f...

9.3 CVSS · 3.6 AI score · 0.01164 EPSS
Exploits 1 · References 1
CNNVD
added 2022/07/13 12:0 a.m. · 4 views

Security vulnerability in multiple Schneider Electric products

The Schneider Electric OPC UA Modicon Communication Module and the Schneider Electric X80 advanced RTU Communication Module are both products of the French company Schneider Electric. The Schneider Electric OPC UA Modicon Communication Module is an Ethernet communication module with an embedded O...

5.5 CVSS · 5.8 AI score · 0.00485 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2022/07/12 11:0 a.m. · 3 views

CVE-2022-34765

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...

5.5 CVSS · 5.9 AI score · 0.00485 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/06/29 7:15 p.m. · 2 views

CVE-2022-33060

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deleteschedule...

7.2 CVSS · 5.8 AI score · 0.008 EPSS
Exploits 1 · References 1
CNNVD
added 2022/06/29 12:0 a.m. · 2 views

Online Railway Reservation System SQL injection vulnerability

Sourcecodester Online Railway Reservation system is a web-based application that provides an online platform for rail or train station passengers or potential passengers to browse their schedules and reserve seats. sourceCodester Online Railway Reservation System v1.0 is vulnerable to a SQL...

7.2 CVSS · 5.8 AI score · 0.008 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2022/06/16 3:15 p.m. · 3 views

CVE-2022-31913

Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting XSS via /odfs/classes/Master.php?f=savecategory, name...

4.8 CVSS · 5.8 AI score · 0.00466 EPSS
Exploits 1 · References 2
RedhatCVE
added 2022/06/15 4:29 p.m. · 38 views

CVE-2021-37404

A flaw was found in Apache Hadoop. Opening a file path provided by a user without validation may result in a denial of service or arbitrary code execution...

9.8 CVSS · 2.9 AI score · 0.02866 EPSS
Exploits 0 · References 3
Positive Technologies
added 2022/06/13 12:0 a.m. · 3 views

PT-2022-10651 · Apache · Apache Hadoop

Name of the Vulnerable Software and Affected Versions: Apache Hadoop versions prior to 2.10.2; Apache Hadoop versions prior to 3.2.3; Apache Hadoop versions prior to 3.3.2. Description: There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. This issue occurs when a file path...

9.8 CVSS · 9.6 AI score · 0.02866 EPSS
Exploits 0 · References 8
OSV
added 2022/06/06 5:15 p.m. · 5 views

CVE-2022-31483

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contai...

8.8 CVSS · 7.6 AI score
Exploits 0 · References 1
Ubuntu
added 2022/06/06 4:33 p.m. · 94 views

USN-5461-1: FreeRDP vulnerabilities

It was discovered that FreeRDP incorrectly handled empty password values. A remote attacker could use this issue to bypass server authentication. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. CVE-2022-24882 It was discovered that FreeRDP incorrectly handled server...

9.8 CVSS · 8.1 AI score · 0.02652 EPSS
Exploits 1
ATTACKERKB
added 2022/06/02 2:15 p.m. · 2 views

CVE-2022-31354

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=getvehicleservice...

9.8 CVSS · 7.4 AI score · 0.01081 EPSS
Exploits 1 · References 2
NVD
added 2022/06/02 2:15 p.m. · 11 views

CVE-2022-24241

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp...

7.5 CVSS · 0.01107 EPSS
Exploits 0 · References 3
OSV
added 2022/06/02 2:15 p.m. · 4 views

CVE-2022-24241

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp...

7.5 CVSS · 5.8 AI score · 0.01107 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2022/06/02 2:15 p.m. · 5 views

CVE-2022-24241

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp...

7.5 CVSS · 7.1 AI score · 0.01107 EPSS
Exploits 0 · References 4
Prion
added 2022/06/02 2:15 p.m. · 11 views

Path traversal

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp...

5 CVSS · 7.6 AI score · 0.01107 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2022/06/02 12:0 a.m. · 5 views

ACEware Systems ACEweb Online Portal security vulnerability

ACEware Systems ACEweb Online Portal is a component of the Student Manager solution from ACEware Systems, Inc. A security vulnerability exists in ACEware Systems ACEweb Online Portal version 3.5.065, which stems from the discovery that ACEweb Online Portal 3.5.065 contains an external controlled...

7.5 CVSS · 7.3 AI score · 0.01107 EPSS
Exploits 0 · References 4
CNNVD
added 2022/05/30 12:0 a.m. · 12 views

WordPress plugin User Meta Manager path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A path traversal vulnerability exists in versions of the WordPress User Meta Manager plugin prior to...

6.5 CVSS · 5.7 AI score · 0.02233 EPSS
Exploits 5 · References 5
Cvelist
added 2022/05/27 6:29 p.m. · 16 views

CVE-2022-24241

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp...

7.8 AI score · 0.01107 EPSS
Exploits 0 · References 3
VulnCheck KEV
added 2022/05/26 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2021-36356

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames even though browseSystemFiles.php is no longer reachable via the GUI. NOTE: this issue exists because of an incomplete fix...

10 CVSS · 7.8 AI score · 0.54393 EPSS
Exploits 5 · References 1