941 matches found
CVE-2023-36348
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter...
PT-2023-25545 · Unknown · Pos Codekop
Name of the Vulnerable Software and Affected Versions: POS Codekop version 2.0. Description: The issue is an authenticated remote code execution (RCE) vulnerability. It can be exploited via the filename parameter. Recommendations: For POS Codekop version 2.0, consider restricting access t...
A vulnerability in the UploadFirmwareFile function of the TOTOLINK X18 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the UploadFirmwareFile function of the TOTOLINK X18 router firmware is caused by insufficient validation of arguments passed to a command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the FileName parameter...
CVE-2023-29401
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...
Design/Logic Flaw
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...
CVE-2023-29401
CVE-2023-29401 affects the Gin web framework (Context.FileAttachment filename handling). A maliciously crafted filename can make the Content-Disposition header use an unexpected name, potentially serving a file with a name different from the one provided. The CVE is scored 4.3 (MEDIUM) with network a...
Gin security vulnerability
Gin is a small JavaScript Markdown editor built with Electron by Marius Küng, an individual developer. Gin has a security vulnerability that stems from an improperly sanitized filename parameter in the Context.FileAttachment function, which can be exploited by an attacker to modify the...
CVE-2023-29152
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account...
Design/Logic Flaw
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account...
CVE-2023-29152 PTC Vuforia Studio Improper Authorization
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account...
PT-2023-22172 · Ptc · Vuforia
Name of the Vulnerable Software and Affected Versions: Vuforia affected versions not specified Description: The issue allows an attacker to delete any file with the permissions of the Vuforia server account by changing the filename parameter in the request. Recommendations: At the moment, there i...
Reflected File Download
github.com/gin-gonic/gin is vulnerable to Reflected File Download. The vulnerability exists because the FileAttachment function of context.go does not properly sanitize the filename parameter, which allows an attacker to modify the Content-Disposition header and replace the .txt file name suffix...
GHSA-2C4M-59X9-FR2G Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...
PTC Vuforia Studio authorization issue vulnerability
PTC Vuforia Studio is an easy-to-use, web-native tool from PTC for authoring domain and task-specific experiences. These experiences provide integrated views of digital and physical product data, dashboards, and alerts through 2D, 3D, and augmented reality. An authorization issue vulnerability...
Zhongbang CRMEB code issue vulnerability
Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks in Xi'an, China. A code issue vulnerability exists in Zhongbang CRMEB version 4.6.0, which stems from improper handling of the filename parameter, resulting in unrestricted file uploads...