941 matches found

RedhatCVE
added 2025/05/22 5:31 a.m. | 5 views

CVE-2012-4873

Cross-site scripting (XSS) vulnerability in the filedownload function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

CVSS 4.3 | AI score 5.9 | EPSS 0.01631
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:41 a.m. | 8 views

CVE-2013-1085

Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter...

CVSS 9.3 | AI score 8.5 | EPSS 0.05591
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:27 a.m. | 5 views

CVE-2014-2864

Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences...

CVSS 10 | AI score 7.3 | EPSS 0.05058
Exploits: 0 | References: 1

OSV
added 2025/05/20 9:15 p.m. | 1 view

CVE-2025-5000

A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function controlpanelsw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command...

CVSS 9.8 | AI score 5.6 | EPSS 0.1051
Exploits: 0 | References: 5

CNNVD
added 2025/05/18 12:0 a.m. | 1 view

CoinExchange_CryptoExchange_Java Path Traversal Vulnerability

CoinExchange_CryptoExchange_Java is a Java open source cryptocurrency exchange platform for individual developers of open source digital currency exchanges. A path traversal vulnerability exists in CoinExchange_CryptoExchange_Java, which stems from incorrect manipulation of the parameter filename in...

CVSS 6.5 | AI score 6.5 | EPSS 0.00373
Exploits: 0 | References: 6

CNNVD
added 2025/05/18 12:0 a.m. | 2 views

ecommerce-spring-reactjs Path Traversal Vulnerability

ecommerce-spring-reactjs is an e-commerce webstore by the individual developer Miroslav Khotinskiy. A path traversal vulnerability exists in ecommerce-spring-reactjs, which stems from incorrect manipulation of the parameter filename in the component File Upload Endpoint resulting in path traversa...

CVSS 6.5 | AI score 6.5 | EPSS 0.00373
Exploits: 0 | References: 6

CNVD
added 2025/05/07 12:0 a.m. | 2 views

Prison Management System Stack Buffer Overflow Vulnerability

Prison Management System is a prison management system. Prison Management System suffers from a stack buffer overflow vulnerability that originates from the parameter filename of the addrecord function in the PrisonMgmtSys component that fails to properly validate the length of the input data,...

CVSS 7.8 | AI score 5.7 | EPSS 0.00277
Exploits: 1 | References: 1

RedHat Linux
added 2025/05/05 1:24 a.m. | 5 views

libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header

A flaw was found in libsoup, where the soup_message_headers_get_content_disposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

CVSS 7.5 | AI score 7.3 | EPSS 0.00694
Exploits: 0 | References: 4

OSV
added 2025/05/01 5:15 p.m. | 3 views

CVE-2025-44844

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 6.5 | AI score 6.1 | EPSS 0.00903
Exploits: 1 | References: 1

OSV
added 2025/05/01 2:15 p.m. | 3 views

CVE-2025-44854

TOTOLINK CP900 V6.3c.1144B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 6.3 | AI score 6.1
Exploits: 0 | References: 1

CVE
added 2025/05/01 12:0 a.m. | 57 views

CVE-2025-44844

TOTOLINK CA600-PoE (V5.3c.6665_B20180820) has a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This could allow an attacker to execute arbitrary commands on the device. PT-2025-18665 provides a mitigation suggesting disabling the setUpgradeFW function and...

CVSS 6.5 | AI score 7.9 | EPSS 0.00903
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/05/01 12:0 a.m. | 6 views

CVE-2025-44854

TOTOLINK CP900 V6.3c.1144B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

AI score 8.4 | EPSS 0.00884
Exploits: 1 | References: 1

Vulnrichment
added 2025/05/01 12:0 a.m. | 6 views

CVE-2025-44838

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

AI score 8.8 | EPSS 0.00884
Exploits: 1 | References: 1

CVE
added 2025/05/01 12:0 a.m. | 62 views

CVE-2025-44854

CVE-2025-44854 affects TOTOLINK CP900 (V6.3c.1144_B20190715). The vulnerability exists in the setUpgradeUboot function via the FileName parameter, enabling command injection and potential arbitrary command execution. Multiple connected sources corroborate the issue and link it to a vulnerable CP9...

CVSS 6.3 | AI score 6.9 | EPSS 0.00884
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/05/01 12:0 a.m. | 10 views

CVE-2025-44854

TOTOLINK CP900 V6.3c.1144B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

EPSS 0.00884
Exploits: 1 | References: 1

OSV
added 2025/04/29 12:15 p.m. | 3 views

CVE-2025-4059

A vulnerability classified as critical was found in code-projects Prison Management System 1.0. This vulnerability affects the function addrecord of the component PrisonMgmtSys. The manipulation of the argument filename leads to stack-based buffer overflow. An attack has to be approached locally...

CVSS 7.8 | AI score 5.8 | EPSS 0.00277
Exploits: 1 | References: 5

CNNVD
added 2025/04/29 12:0 a.m. | 3 views

Code-Projects Prison Management System Security Vulnerability

Code-Projects Prison Management System is an open source prison management system from Code-Projects. A security vulnerability exists in Code-Projects Prison Management System version 1.0, which stems from an improper manipulation of the parameter filename in the addrecord function of the...

CVSS 7.8 | AI score 5.8 | EPSS 0.00277
Exploits: 1 | References: 5

OSV
added 2025/04/22 6:15 p.m. | 2 views

CVE-2025-28039

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 1

CNNVD
added 2025/04/22 12:0 a.m. | 2 views

TOTOLINK EX1200T Security Vulnerability

The TOTOLINK EX1200T is a dual-band wireless signal amplifier that is primarily used to extend the coverage of an existing wireless network. A code execution vulnerability exists in the TOTOLINK EX1200T. The vulnerability stems from the FileName parameter in the setUpgradeFW function for...

CVSS 9.8 | AI score 8.4 | EPSS 0.00919
Exploits: 1 | References: 1

VulnCheck KEV
added 2025/04/19 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2022-28912

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW...

CVSS 10 | AI score 7.3 | EPSS 0.02463
Exploits: 1 | References: 1