Lucene search

941 matches found

CNVD
added 2025/08/29 12:00 a.m., 3 views

CGM CLININET Code Injection Vulnerability

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the ConvertToPDF function's filename parameter failing to properly filter special elements of the constructed code segment. An attacker can exploit...

CVSS 9.4, AI score 8, EPSS 0.00737
Exploits: 0, References: 1

OSV
added 2025/08/28 6:15 p.m., 3 views

CVE-2025-9575

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command...

CVSS 8.8, AI score 5.7
Exploits: 0, References: 6

CVE
added 2025/08/28 6:02 p.m., 16 views

CVE-2025-9575

Summary: CVE-2025-9575 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 devices. The issue resides in the /cgi-bin/upload.cgi file, specifically the cgiMain function, where manipulation of the filename argument enables operating system command injection. The vulnerability can be exploite...

CVSS 8.8, AI score 6.4, EPSS 0.08406
Exploits: 1, References: 6, Affected Software: 1

CNNVD
added 2025/08/28 12:00 a.m., 2 views

Linksys Multiple Products Security Vulnerability

Linksys RE6300 and others are products of Linksys, Inc. Linksys RE6300 is a wireless network signal extender. Linksys RE6250 is a wireless extender. Linksys RE6350 is a wireless extender...

CVSS 8.8, AI score 6.6, EPSS 0.08406
Exploits: 1, References: 6

Positive Technologies
added 2025/08/28 12:00 a.m., 3 views

PT-2025-35124

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 version 1.0.013.001; Linksys RE6250 version 1.0.04.001; Linksys RE6250 version 1.0.04.002; Linksys RE6250 version 1.1.05.003; Linksys RE6250 version 1.2.07.001; Linksys RE6300 version 1.0.013.001; Linksys RE6300 version 1.0.04.001...

CVSS 8.8, AI score 6.5, EPSS 0.08406
Exploits: 1, References: 10

NVD
added 2025/08/27 11:15 a.m., 3 views

CVE-2025-30057

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...

CVSS 9.4, EPSS 0.00737
Exploits: 0, References: 1

Vulnrichment
added 2025/08/27 10:23 a.m., 3 views

CVE-2025-30057 Authenticated RCE with uhcapache privileges in ConvertToPDF

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...

CVSS 9.4, AI score 8.5, EPSS 0.00737
Exploits: 0, References: 1

Cvelist
added 2025/08/27 10:23 a.m., 4 views

CVE-2025-30057 Authenticated RCE with uhcapache privileges in ConvertToPDF

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...

CVSS 9.4, EPSS 0.00737
Exploits: 0, References: 1

CVE
added 2025/08/27 10:23 a.m., 14 views

CVE-2025-30057

Technical details about CVE-2025-30057 are not publicly provided in the supplied documents. Monitor for updates when new information becomes available.

CVSS 9.4, AI score 7.5, EPSS 0.00737
Exploits: 0, References: 1

VulnCheck KEV
added 2025/08/27 12:00 a.m., 2 views

VulnCheck KEV: CVE-2024-33434

An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filteri...

CVSS 9.8, AI score 6.2, EPSS 0.01365
In wild, Exploits: 0, References: 2

CNNVD
added 2025/08/27 12:00 a.m., 4 views

CGM CLININET Code Injection Vulnerability

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the ConvertToPDF function's filename parameter failing to properly filter special elements of the constructed code segment. An attacker can exploit...

CVSS 9.4, AI score 7.9, EPSS 0.00737
Exploits: 0, References: 2

Positive Technologies
added 2025/08/27 12:00 a.m., 2 views

PT-2025-34852 · Uhcrtfdoc · Uhcrtfdoc

Name of the Vulnerable Software and Affected Versions: UHCRTFDoc (affected versions not specified). Description: The filename parameter in UHCRTFDoc can be exploited to execute arbitrary code through command injection into the system function call within the ConvertToPDF function. Recommendations: A...

CVSS 9.4, AI score 7.2, EPSS 0.00737
Exploits: 0, References: 5

CNNVD
added 2025/08/25 12:00 a.m., 2 views

ruoyi-go Path Traversal Vulnerability

ruoyi-go is a backend management system for individual developers at lostvip.com. A path traversal vulnerability exists in ruoyi-go 2.1 and earlier versions, which stems from the improper handling of the fileName parameter in the DownloadTmp/DownloadUpload function in the file...

CVSS 6.5, AI score 4.8, EPSS 0.00693
Exploits: 0, References: 7

Tenable Nessus
added 2025/08/20 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-43300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a...

CVSS 9.8, AI score 7.7, EPSS 0.02283
Exploits: 0, References: 2

CNNVD
added 2025/07/31 12:00 a.m., 2 views

Viglet Shio CMS Security Vulnerability

Viglet Shio CMS is a content management system from Viglet Open Source. A security vulnerability exists in Viglet Shio CMS version 0.3.8 and earlier, which stems from a misbehavior of the parameter filename in the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java tha...

CVSS 9.8, AI score 6.4, EPSS 0.0032
Exploits: 1, References: 6

CNNVD
added 2025/07/31 12:00 a.m., 2 views

Viglet Shio CMS Security Vulnerability

Viglet Shio CMS is a content management system from Viglet Open Source. A security vulnerability exists in Viglet Shio CMS version 0.3.8 and earlier, which stems from the incorrect operation of the parameter fileName in the file...

CVSS 9.8, AI score 4.8, EPSS 0.00787
Exploits: 1, References: 5

OSV
added 2025/07/14 6:15 p.m., 4 views

CVE-2025-7628

A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /deleteFile. The manipulation of the argument fileName leads to path traversal. It is possible to...

CVSS 8.1, AI score 5.5, EPSS 0.00669
Exploits: 1, References: 4

CNNVD
added 2025/07/14 12:00 a.m., 3 views

kkFileViewOfficeEdit Path Traversal Vulnerability

kkFileViewOfficeEdit is online file preview and editing software for Office documents, developed by individual developer YiJiuSmile. A path traversal vulnerability exists in kkFileViewOfficeEdit 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and prior versions, which stems from a path traversal vulnerability caused ...

CVSS 8.1, AI score 5.6, EPSS 0.00669
Exploits: 1, References: 5

CNNVD
added 2025/07/11 12:00 a.m., 2 views

gorobbs Path Traversal Vulnerability

gorobbs is a full-text search engine by individual developer letseeqiji. A path traversal vulnerability exists in gorobbs 1.0.8 and earlier versions, which stems from a path traversal caused by the parameter filename operation...

CVSS 5.5, AI score 5.5, EPSS 0.00365
Exploits: 0, References: 5

CNVD
added 2025/07/07 12:00 a.m., 2 views

Simple forum forum_downloadfile.php path traversal vulnerability

Simple forum is a simple forum. Simple forum suffers from a path traversal vulnerability, which stems from the parameter filename in the file /forum_downloadfile.php failing to properly filter for special elements in the path of a resource or file. An attacker can exploit this vulnerability to cau...

CVSS 5.3, AI score 5, EPSS 0.0045
Exploits: 1, References: 1