941 matches found

Positive Technologies
added 2024/05/24 12:0 a.m. · 3 views

PT-2024-26887 · Vaultize · Vaultize

Name of the Vulnerable Software and Affected Versions: Vaultize version 21.07.27
Description: An issue was discovered in the software where there is no check that the filename parameter is correct when uploading files. As a result, a temporary file will be created outside the specified directory...

CVSS 6.5 · AI score 6.8 · EPSS 0.00589
Exploits 0 · References 5

CVE
added 2024/05/23 5:2 p.m. · 88 views

CVE-2024-35081

LuckyFrameWeb v3.5.2 is affected by CVE-2024-35081: an arbitrary file deletion vulnerability exposed through the fileName parameter in the fileDownload method. The issue allows deletion of files and is described as a security vulnerability with high integrity impact (I: high) while confidentialit...

CVSS 7.5 · AI score 7.4 · EPSS 0.00461
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2024/05/23 12:0 a.m. · 2 views

LuckyFrameWeb Security Vulnerability

LuckyFrameWeb is an open source testing platform open-sourced by LuckyFrameWeb. A security vulnerability exists in LuckyFrameWeb version v3.5.2, which originates from an arbitrary file deletion via the fileName parameter in the fileDownload method...

CVSS 7.5 · AI score 6.9 · EPSS 0.00461
Exploits 0 · References 4

Positive Technologies
added 2024/05/23 12:0 a.m. · 3 views

PT-2024-26310 · Unknown · Luckyframeweb

Name of the Vulnerable Software and Affected Versions: LuckyFrameWeb version 3.5.2
Description: The issue allows for arbitrary file deletion via the fileName parameter in the fileDownload method.
Recommendations: For version 3.5.2, avoid using the fileName parameter in the fileDownload method unt...

CVSS 7.5 · AI score 7.4 · EPSS 0.00461
Exploits 0 · References 4

CNVD
added 2024/05/22 12:0 a.m. · 2 views

TOTOLINK CPE CP450 setUpgradeFW Method Command Injection Vulnerability

TOTOLINK CPE CP450 is an outdoor wireless client terminal device manufactured by China Gion Electronics TOTOLINK. The TOTOLINK CPE CP450 suffers from a command injection vulnerability that stems from the FileName parameter of the setUpgradeFW method failing to properly filter constructor command...

CVSS 9.8 · AI score 7.9 · EPSS 0.019
Exploits 1 · References 1

OSV
added 2024/05/14 3:38 p.m. · 1 views

CVE-2024-34210

TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter...

CVSS 7.3 · AI score 5.8
Exploits 0 · References 1

OSV
added 2024/05/14 3:38 p.m. · 1 views

CVE-2024-34204

TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter...

CVSS 9.8 · AI score 5.8 · EPSS 0.019
Exploits 1 · References 1

NVD
added 2024/05/14 3:38 p.m. · 11 views

CVE-2024-34204

TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter...

CVSS 9.8 · AI score 7.6 · EPSS 0.019
Exploits 1 · References 1

CNNVD
added 2024/05/14 12:0 a.m. · 2 views

TOTOLINK CPE CP450 Security Vulnerability

TOTOLINK CPE CP450 is an outdoor wireless client terminal device from China Gion Electronics TOTOLINK, which is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. A security vulnerability exists in the TOTOLINK CPE CP450...

CVSS 9.8 · AI score 7.5 · EPSS 0.019
Exploits 1 · References 3

CNNVD
added 2024/05/14 12:0 a.m. · 1 views

Ruijie Networks RG-UAC Operating System Command Injection Vulnerability

Ruijie Networks RG-UAC is an Internet behavior management and auditing product from China's Ruijie Networks. It is used to solve Internet auditing problems. An operating system command injection vulnerability exists in Ruijie Networks RG-UAC 20240506 and earlier versions, which...

CVSS 9.8 · AI score 6.9 · EPSS 0.06414
Exploits 0 · References 6

Positive Technologies
added 2024/05/11 12:0 a.m. · 2 views

PT-2024-32876 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.114
Description: A problematic vulnerability has been found in DedeCMS, affecting the file /sys verifies.php?action=view. The manipulation of the filename argument with the input ../../../../../etc/passwd leads to path...

CVSS 7.5 · AI score 7.1 · EPSS 0.01133
Exploits 0 · References 8

Positive Technologies
added 2024/05/09 12:0 a.m. · 2 views

PT-2024-25744 · Totolink · Totolink Outdoor Cpe Cp450

Name of the Vulnerable Software and Affected Versions: TOTOLINK outdoor CPE CP450 version 4.1.0cu.747 B20191224
Description: A command injection issue was found in the CloudACMunualUpdate function, specifically via the FileName parameter.
Recommendations: For version 4.1.0cu.747 B20191224, as a...

CVSS 7.5 · AI score 7.6 · EPSS 0.01201
Exploits 1 · References 4

Positive Technologies
added 2024/05/09 12:0 a.m. · 2 views

PT-2024-25739 · Totolink · Totolink Outdoor Cpe Cp450

Name of the Vulnerable Software and Affected Versions: TOTOLINK outdoor CPE CP450 version 4.1.0cu.747 B20191224
Description: A command injection issue was found in the setUpgradeFW function via the FileName parameter.
Recommendations: For version 4.1.0cu.747 B20191224, consider restricting access...

CVSS 10 · AI score 7.8 · EPSS 0.019
Exploits 1 · References 4

CNNVD
added 2024/05/08 12:0 a.m. · 2 views

RuvarOA Security Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the filename parameter of the /WorkFlow/OfficeFileDownload.aspx file against external SQL input. An attacker can exploit this...

CVSS 9.8 · AI score 8.3 · EPSS 0.00629
Exploits 1 · References 2

Vulnrichment
added 2024/05/08 12:0 a.m. · 13 views

CVE-2024-25525

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx...

AI score 8.3 · EPSS 0.00629
Exploits 1 · References 1

Positive Technologies
added 2024/05/08 12:0 a.m. · 3 views

PT-2024-20986 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01
Description: A SQL injection issue was discovered via the filename parameter at the "/WorkFlow/OfficeFileDownload.aspx" API endpoint.
Recommendations: For versions 6.01 through 12.01, consider restricting...

CVSS 9.8 · AI score 7.5 · EPSS 0.00629
Exploits 1 · References 5

CNNVD
added 2024/05/07 12:0 a.m. · 2 views

CHAOS Security Vulnerability

Chaos is a software application on GitHub that visualizes the connection between Chaos Theory and Fractals via Logical Mapping. A security vulnerability exists in CHAOS. A remote attacker can exploit this vulnerability to execute arbitrary code by insecurely concatenating the "filename" parameter to the...

CVSS 9.8 · AI score 9.3 · EPSS 0.01365
Exploits 0 · References 3

BDU FSTEC
added 2024/05/02 12:0 a.m. · 3 views

A vulnerability in the ftext() function of the upload_firmware.cgi script in the D-Link DIR-822+ wireless router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the ftext function of the upload_firmware.cgi script in the D-Link DIR-822+ wireless router firmware is caused by a failure to neutralize special elements used in an operating system command when processing the UPLOADFILENAME parameter...

CVSS 10 · AI score 5.9 · EPSS 0.19893
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2024/04/29 12:0 a.m. · 3 views

PT-2024-24613 · Znuny +1 · Znuny +1

Name of the Vulnerable Software and Affected Versions: Znuny versions 6.0.31 through 6.5.7; Znuny versions 7.0.1 through 7.0.16
Description: An issue allows a logged-in user to upload a file to an arbitrary writable location by traversing paths via a manipulated AJAX request. If this location is...

CVSS 9.8 · AI score 7.8 · EPSS 0.00719
Exploits 0 · References 14

NVD
added 2024/04/08 1:15 p.m. · 9 views

CVE-2024-31809

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function...

CVSS 8.8 · AI score 7.9 · EPSS 0.00979
Exploits 1 · References 1