941 matches found
Artica Proxy 路径遍历漏洞
Artica Proxy is an open source Artica proxy solution from Artica France. A security vulnerability exists in Artica Proxy VMWare Appliance 4.30.000000 SP273 and earlier versions and Artica Proxy versions 4.30.000000 SP206 through SP255, which stems from a lack of filtering of the filename paramete...
Exploit for Cross-site Scripting in Solutions-Atlantic Regulatory_Reporting_System
CVE-2022-29598 : Reflected Cross-Site Scripting XSS in RSS v...
OpenEMR 跨站脚本漏洞
OpenEMR is an open source healthcare management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing applications. cross-site scripting vulnerabilities exist in versions of OpenEMR prior to...
Spring Boot Actuator Logview < 0.2.13 Directory Traversal
Spring Boot Actuator Logview is a library that adds a simple logfile viewer as Spring Boot Actuator endpoint. In Spring Boot Actuator Logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin Spring Boot...
CVE-2022-0889
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...
WordPress plugin Ninja Forms - File Uploads Extension 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin...
CVE-2022-26210
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName...
CVE-2022-26209
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the...
CVE-2022-26209
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the...
CVE-2022-26210
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName...
Command injection
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the...
Command injection
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName...
EUVD-2022-30774
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName...
CVE-2022-26210
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName...
CVE-2022-26209
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the...
CVE-2022-25511
An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...
CVE-2022-25098
ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter...
CVE-2022-25098
ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter...
CVE-2022-25098
ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter...
Arbitrary file deletion
ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter...