WordPress plugin Zephyr Project Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-38287 · WordPress · Zephyr Project Manager
Name of the Vulnerable Software and Affected Versions: Zephyr Project Manager plugin for WordPress versions up to, and including, 3.3.100 Description: The issue is related to Stored Cross-Site Scripting via the filename parameter due to insufficient input sanitization and output escaping. This...
TOTOLINK A3600R Security Vulnerability
TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3600R suffers from a buffer overflow vulnerability that originates from improper handling of the FileName parameter in the setUploadSetting function of the /cgi-bin/cstecgi.cgi file. An...
VulnCheck KEV: CVE-2021-44892
A Remote Code Execution RCE vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...
CVE-2024-39165
QR/demoapp/qrimage.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder is shipped with the...
Asial JpGraph Security Vulnerability
Asial JpGraph is an object-oriented PHP graph creation library from Asial. A security vulnerability exists in Asial JpGraph version 4.2.6-pro and prior versions. A remote attacker can use this vulnerability to execute arbitrary code via a PHP payload in the data parameter and a .php filename in the...
PT-2024-28374
Name of the Vulnerable Software and Affected Versions: Asial JpGraph Professional versions 4.2.6-pro and earlier Description: The issue allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This...
PT-2024-28744
Name of the Vulnerable Software and Affected Versions: supOS version 5.0 Description: The issue allows directory traversal for reading files via the "api/image/download" endpoint, specifically when the fileName parameter contains ../. This enables unauthorized access to files on the system...
PT-2024-26988
Name of the Vulnerable Software and Affected Versions: Flowise version 1.4.3 Description: The issue concerns a lack of sanitization of the fileName body parameter in the "/api/v1/openai-assistants-file" endpoint, which is located in the index.ts file. This lack of sanitization leads to an arbitrary...
CVE-2024-37673
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter...
Tessi Docubase Document Management Security Vulnerability
Tessi Docubase Document Management is a document management and process automation software from Tessi. A security vulnerability exists in Tessi Docubase Document Management version 5.x. A remote attacker could exploit the vulnerability to execute arbitrary code via the filename parameter...
PT-2024-18928 · Opencart · Opencart
Name of the Vulnerable Software and Affected Versions: opencart/opencart version 4.0.0.0 Description: A reflected XSS issue was identified in the filename parameter of the "admin tool/log" route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. T...
PT-2024-27708 · Tessi · Tessi Docubase Document Management
Name of the Vulnerable Software and Affected Versions: Tessi Docubase Document Management product versions 5.x Description: The issue allows a remote attacker to execute arbitrary code via the filename parameter. This is a Cross Site Scripting vulnerability. Recommendations: For Tessi Docubase...
Reflected Cross-site Scripting
Overview: opencart/opencart is a shopping cart system. Affected versions of this package are vulnerable to Reflected Cross-site Scripting. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to clic...
CVE-2024-35401
TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...
TOTOLINK CP900L Security Vulnerability
The TOTOLINK CP900L is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK CP900L suffers from a command injection vulnerability that stems from the FileName parameter of the UploadFirmwareFile function failing to correctly filter constructed command special characters, command...
PT-2024-26481 · Totolink · Totolink Cp900L
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP900L version 4.1.5cu.798 B20221228 Description: A command injection issue was found via the FileName parameter in the UploadFirmwareFile function. This allows for potential exploitation. Recommendations: For TOTOLINK CP900L version...
CVE-2024-36079
An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with ...