941 matches found
Mobile Security Framework security vulnerability
Mobile Security Framework (MobSF) is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...
CVE-2024-50054
The CVE-2024-50054 issue affects mySCADA myPRO Manager (myPRO component) where the back-end does not properly validate the user-controlled filename parameter, enabling a path traversal attack to retrieve arbitrary files from the file system. Documents from CISA/ICS indicate an OS command injectio...
PT-2024-33891 · Myscada · Myscada Mypro Manager
Name of the Vulnerable Software and Affected Versions: mySCADA myPRO Manager affected versions not specified Description: The issue arises from insufficient verification of the user-controlled filename parameter by the back-end, allowing an attacker to perform a path traversal attack. This enable...
PT-2024-16594 · WordPress · Sirv
Name of the Vulnerable Software and Affected Versions: The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress versions up to, and including, 7.3.0 Description: The issue is related to insufficient validation on the filename parameter of the sirv upload file by chunks function, allowing...
CVE-2024-27524
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the newticket.php component...
Chamilo LMS security vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...
PT-2024-21932 · Unknown · Chamilo Lms
Name of the Vulnerable Software and Affected Versions: Chamilo LMS version 1.11.26 Description: A Cross Site Scripting issue allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. Recommendations: For Chamilo LMS version 1.11.26,...
PT-2024-21931 · Unknown · Chamilo Lms
Name of the Vulnerable Software and Affected Versions: Chamilo LMS version 1.11.26 Description: A Cross Site Scripting issue allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the "new ticket.php" component. This could potentially lead to data theft ...
Automatic Systems SlimLane security vulnerability
Automatic Systems SlimLane is a high-performance electronic inspection system based on a high-density infrared beam matrix from Automatic Systems. A security vulnerability exists in Automatic Systems SlimLane that stems from an information disclosure issue contained in the Racine and FileName...
PT-2024-33242 · Automatic Systems Maintenance · Slimlane
Name of the Vulnerable Software and Affected Versions: Automatic Systems Maintenance SlimLane affected versions not specified Description: An issue in Automatic Systems Maintenance SlimLane allows a remote attacker to obtain sensitive information via the Racine and FileName parameters in the...
VulnCheck KEV: CVE-2015-4074
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.downloadattachment task...
VulnCheck KEV: CVE-2014-4535
Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php...
VulnCheck KEV: CVE-2012-4940
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName...
CVE-2024-8694
A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is...
PT-2024-39186 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS up to 20240903 Description: A vulnerability was found in the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is...
JFinalCMS path traversal vulnerability
JFinalCMS is a content management system by the individual developer heyewei. A path traversal vulnerability exists in JFinalCMS version 20240903 and earlier, which stems from the fileName parameter in the file /admin/template/update, which can lead to path traversal...
VulnCheck KEV: CVE-2023-46574
An issue in TOTOLINK A3700R v.9.1.2u.616520211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function...
WordPress Zephyr Project Manager plugin <= 3.3.100 - Authenticated (Subscriber+) Stored Cross-Site Scripting via filename Parameter vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via filename Parameter vulnerability discovered by wesley wcraft in WordPress Plugin Zephyr Project Manager versions <= 3.3.100...
CVE-2024-7356
The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...