
941 matches found

CVE
added 2025/09/26 2:2 p.m. | 11 views

CVE-2025-11018

Four-Faith Water Conservancy Informatization Platform 1.0 is affected by a path traversal flaw. The vulnerability lies in the handling of the fileName argument of the endpoint chain /sysRole/index.do/../../generalReport/download.do;usrlogout.do.do, enabling remote exploitation. An exploit has bee...

CVSS 7.5 | AI score 6.2 | EPSS 0.00874
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2025/09/26 2:2 p.m. | 7 views

CVE-2025-11018 Four-Faith Water Conservancy Informatization Platform download.do;usrlogout.do.do path traversal

A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown function of the file /sysRole/index.do/../../generalReport/download.do;usrlogout.do.do. Executing manipulation of the argument fileName can lead to path traversal. It is possible to launch...

CVSS 6.9 | EPSS 0.00874
Exploits: 1 | References: 4
CNNVD
added 2025/09/26 12:0 a.m. | 2 views

Four-Faith Water Conservancy Informatization Platform path traversal vulnerability

Four-Faith Water Conservancy Informatization Platform is a water conservancy informatization system from Four-Faith. A path traversal vulnerability exists in Four-Faith Water Conservancy Informatization Platform version 1.0, which originates from an attack on the file /sysRole/index.do/... /...

CVSS 7.5 | AI score 5.4 | EPSS 0.00874
Exploits: 1 | References: 5
Positive Technologies
added 2025/09/26 12:0 a.m. | 3 views

PT-2025-39642

Name of the Vulnerable Software and Affected Versions: Four-Faith Water Conservancy Informatization Platform version 1.0 Description: A path traversal flaw exists in Four-Faith Water Conservancy Informatization Platform version 1.0. The issue affects an unknown function within the file...

CVSS 6.9 | AI score 5.2 | EPSS 0.00874
Exploits: 1 | References: 8
RedhatCVE
added 2025/09/21 12:8 p.m. | 6 views

CVE-2025-10708

A security vulnerability has been detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this vulnerability is an unknown functionality of the file /history/historyDownload.do;usrlogout.do. The manipulation of the argument fileName leads to path traversal. Remote...

CVSS 6.9 | AI score 6.3 | EPSS 0.00894
Exploits: 1 | References: 1
OSV
added 2025/09/19 12:15 p.m. | 2 views

CVE-2025-10709

A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this issue is some unknown functionality of the file /history/historyDownload.do;otheruserLogin.do;getfile. The manipulation of the argument fileName results in path traversal. The attack can be...

CVSS 7.5 | AI score 5.5
Exploits: 0 | References: 4
OSV
added 2025/09/19 12:15 p.m. | 2 views

CVE-2025-10708

A security vulnerability has been detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this vulnerability is an unknown functionality of the file /history/historyDownload.do;usrlogout.do. The manipulation of the argument fileName leads to path traversal. Remote...

CVSS 7.5 | AI score 5.4 | EPSS 0.00894
Exploits: 1 | References: 4
NVD
added 2025/09/19 12:15 p.m. | 6 views

CVE-2025-10708

A security vulnerability has been detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this vulnerability is an unknown functionality of the file /history/historyDownload.do;usrlogout.do. The manipulation of the argument fileName leads to path traversal. Remote...

CVSS 7.5 | EPSS 0.00894
Exploits: 1 | References: 4
CVE
added 2025/09/19 11:32 a.m. | 15 views

CVE-2025-10708

The CVE-2025-10708 entry concerns Four-Faith Water Conservancy Informatization Platform 1.0. Affected: an unknown functionality of the files /history/historyDownload.do;usrlogout.do. Root cause: manipulation of the fileName argument leads to path traversal. Impact: remote exploitation is possible...

CVSS 7.5 | AI score 5.3 | EPSS 0.00894
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2025/09/19 12:0 a.m. | 4 views

PT-2025-38528

Name of the Vulnerable Software and Affected Versions: Four-Faith Water Conservancy Informatization Platform version 1.0 Description: A path traversal vulnerability exists due to the manipulation of the fileName argument. This issue affects some unknown functionality within the files...

CVSS 6.9 | AI score 5.6 | EPSS 0.00894
Exploits: 1 | References: 10
Positive Technologies
added 2025/09/19 12:0 a.m. | 6 views

PT-2025-38526

Name of the Vulnerable Software and Affected Versions: Four-Faith Water Conservancy Informatization Platform version 1.0 Description: A security vulnerability has been detected due to path traversal. The manipulation of the argument fileName in an unknown functionality of the file...

CVSS 6.9 | AI score 5.5 | EPSS 0.00894
Exploits: 1 | References: 9
CNNVD
added 2025/09/19 12:0 a.m. | 2 views

Four-Faith Water Conservancy Informatization security vulnerability

Four-Faith Water Conservancy Informatization is a water conservancy informatization system from China's Four-Faith. A security vulnerability exists in Four-Faith Water Conservancy Informatization version 1.0, which stems from an incorrect manipulation of the parameter fileName in the fil...

CVSS 7.5 | AI score 5.8 | EPSS 0.00894
Exploits: 1 | References: 5
CNNVD
added 2025/09/19 12:0 a.m. | 3 views

Four-Faith Water Conservancy Informatization security vulnerability

Four-Faith Water Conservancy Informatization is a water conservancy informatization system from China's Four-Faith. A security vulnerability exists in Four-Faith Water Conservancy Informatization version 1.0, which stems from an incorrect manipulation of the parameter fileName in the fil...

CVSS 7.5 | AI score 5.8 | EPSS 0.00894
Exploits: 1 | References: 5
RedhatCVE
added 2025/09/10 10:29 a.m. | 2 views

CVE-2025-5993

ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the web server process...

CVSS 9.2 | AI score 6.9 | EPSS 0.00563
Exploits: 0 | References: 1
CVE
added 2025/09/08 10:18 a.m. | 9 views

CVE-2025-5993

CVE-2025-5993 — ITCube CRM path traversal affects ITCube CRM versions 2023.2–2025.2. The vulnerability arises from an insecure fileName parameter, enabling an unauthenticated attacker to craft payloads that download arbitrary files accessible to the web server process. Impact is primarily confide...

CVSS 9.2 | AI score 6.5 | EPSS 0.00563
Exploits: 0 | References: 2
Vulnrichment
added 2025/09/08 10:18 a.m. | 1 view

CVE-2025-5993 Path Traversal in ITCube CRM

ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the web server process...

CVSS 9.2 | AI score 6.5 | EPSS 0.00563
Exploits: 0 | References: 2
CNNVD
added 2025/09/08 12:0 a.m. | 1 view

ITCube CRM path traversal vulnerability

ITCube CRM is a customer relationship management system from ITCube Japan. A path traversal vulnerability exists in ITCube CRM version 2025.2 and prior versions, which stems from a path traversal vulnerability in the fileName parameter that could lead to an arbitrary file download...

CVSS 9.2 | AI score 6.8 | EPSS 0.00563
Exploits: 0 | References: 2
Positive Technologies
added 2025/09/08 12:0 a.m. | 2 views

PT-2025-36453

Name of the Vulnerable Software and Affected Versions: ITCube CRM versions 2023.2 through 2025.2 Description: ITCube CRM is susceptible to a path traversal issue. An unauthenticated remote attacker can exploit the fileName parameter to construct payloads that enable the download of any file...

CVSS 9.2 | AI score 6.6 | EPSS 0.00563
Exploits: 0 | References: 8
RedhatCVE
added 2025/08/30 6:21 p.m. | 5 views

CVE-2025-9575

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command...

CVSS 8.8 | AI score 6.4 | EPSS 0.08406
Exploits: 1 | References: 1
RedhatCVE
added 2025/08/30 6:18 p.m. | 3 views

CVE-2025-30057

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...

CVSS 9.4 | AI score 8.4 | EPSS 0.00737
Exploits: 0 | References: 1