941 matches found
CVE-2024-31809
TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function...
CVE-2024-30849
Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/productsphoto.php...
PT-2024-24217 · Totolink · Totolink Ex200
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: A remote code execution issue was discovered, allowing exploitation via the FileName parameter in the setUpgradeFW function. This enables unauthorized code execution, potentially leadi...
A vulnerability in the Ray framework for scaling AI and Python applications, caused by improper limitation of a pathname to a restricted directory, allows attackers to read arbitrary files.
The vulnerability in the Ray framework for scaling AI and Python applications is caused by improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files using the “filename” parameter...
NUUO NVRmini Path Traversal Vulnerability
NUUO NVRmini is a standalone Linux-based IP camera surveillance solution from NUUO. A path traversal vulnerability exists in NUUO NVRmini versions 2.x through 3.0.8, which stems from the fact that incorrect manipulation of the parameter filename can lead to path traversal...
NUUO Camera Security Vulnerability
NUUO Camera is a series of webcams. A security vulnerability exists in NUUO Camera 20240319 and earlier versions, which stems from a denial of service (DoS) vulnerability in the parameter filename of the file /deletefile.php...
PT-2024-23164 · Nuuo · Nuuo Camera
Name of the Vulnerable Software and Affected Versions: NUUO Camera up to 20240319 Description: A vulnerability was found in the processing of the file /deletefile.php, where the manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit has...
Desdev DedeCMS Cross-Site Request Forgery Vulnerability
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from the Chinese company Desdev (Zhuozhuo Network). The system has content publishing, content management, content editing and content retrieval functions. Desdev DedeCMS 5.7 version of the...
PandaX Security Vulnerability
PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX version 20240310 and earlier versions, which stems from an incorrect operation of the parameter fileName that can lead to path travers...
PT-2024-21049 · Unknown · Pandaxgo Pandax
Name of the Vulnerable Software and Affected Versions: PandaXGO PandaX up to 20240310 Description: A critical issue has been identified, affecting the DeleteImage function in the /apps/system/router/upload.go file. The vulnerability can be exploited by manipulating the fileName argument with a...
PandaX Security Vulnerability
PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX version 20240310 and earlier versions, which stems from the fact that incorrect manipulation of the parameter filename can lead to path traversa...
Collabora Online Security Breach
Collabora Online, an application from Collabora UK, is a powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. Collabora Online suffers from a security vulnerability. An attacker can exploit the vulnerability to obtain the path to a...
ZKTeco ZKBio Media Security Breach
ZKTeco ZKBio Media is a digital signage platform that integrates video playback, pictures, audio and other multimedia information from ZKTeco China, providing information distribution solutions based on "visual presentation". A security vulnerability exists in ZKTeco ZKBio Media version...
CVE-2023-49959
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...
Command injection
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...
CVE-2023-49960
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint...
PT-2024-13842 · Indo Sol · Indo-Sol Profinet-Inspektor Nt
Name of the Vulnerable Software and Affected Versions: Indo-Sol PROFINET-INspektor NT versions 2.4.0 and earlier Description: A path traversal issue in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the...
Novel-Plus Code Issue Vulnerability
Novel-Plus is a fully functional novel CMS system with multi-end (PC, WAP) reading. Novel-Plus com.java2nb.common.controller.FileController: upload has an arbitrary file upload vulnerability in its processing of the fieName parameter; a remote attacker can use the vulnerability to submit a special request, you...
PT-2024-20241 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: An arbitrary file download issue exists, allowing an attacker to download files by passing specially crafted filePath and fileName parameters to the fileDownload function in the...
GHSA-GFQF-9W98-7JMX Stimulsoft Dashboard.JS directory traversal vulnerability
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...