CVE-2022-25098

ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter...

PJSUA API Buffer Overflow Vulnerability (CNVD-2022-14998)

Pjsua Api is an advanced Api for building Sip multimedia user agent applications, and a buffer overflow vulnerability exists in the PJSUA API, which can be exploited to cause a buffer overflow via a controlled "filename" parameter...

PJSUA API Buffer Overflow Vulnerability (CNVD-2022-14999)

Pjsua Api is an advanced Api for building Sip multimedia user agent applications, and a buffer overflow vulnerability exists in the PJSUA API, which can be exploited to cause a buffer overflow via a controlled "filename" parameter...

PJSUA API Buffer Overflow Vulnerability (CNVD-2022-15000)

Pjsua Api is an advanced Api for building Sip multimedia user agent applications. a buffer overflow vulnerability exists in the PJSUA API, which can be exploited by attackers to cause out-of-bounds reading of information via a controlled filename parameter...

PJSUA API Buffer Overflow Vulnerability (CNVD-2022-14997)

Pjsua Api is an advanced Api for building Sip multimedia user agent applications, and a buffer overflow vulnerability exists in the PJSUA API, which can be exploited to cause a buffer overflow via a controlled "filename" parameter...

Pjsua Api 缓冲区错误漏洞

Pjsua Api is an advanced Api for building Sip multimedia user agent applications. a buffer overflow vulnerability exists in the PJSUA API, which can be exploited by attackers to cause out-of-bounds reading of information via a controlled filename parameter...

Pjsua Api 缓冲区错误漏洞

Pjsua Api is an advanced Api for building Sip multimedia user agent applications, and a buffer overflow vulnerability exists in the PJSUA API, which can be exploited to cause a buffer overflow via a controlled "filename" parameter...

Pjsua Api 缓冲区错误漏洞

Pjsua Api is an advanced Api for building Sip multimedia user agent applications, and a buffer overflow vulnerability exists in the PJSUA API, which can be exploited to cause a buffer overflow via a controlled "filename" parameter...

Pjsua Api 缓冲区错误漏洞

Pjsua Api is an advanced Api for building Sip multimedia user agent applications, and a buffer overflow vulnerability exists in the PJSUA API, which can be exploited to cause a buffer overflow via a controlled "filename" parameter...

TotoLink X5000R 命令注入漏洞

TOTOLINK X5000R is a router. TOTOLINK X5000R v9.1.0u.6118B20201102 is vulnerable to a stack overflow vulnerability, which can be exploited by attackers to execute arbitrary commands via the parameter FileName...

CVE-2021-46255

eyouCMS V1.5.5-UTF8-SP31 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename...

CVE-2021-40858

Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring...

Adobe RoboHelp Server Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe RoboHelp Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the RoboHelp server. When parsing the fileName parameter, the process does not properl...

VulnCheck KEV: CVE-2020-10221

rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter...

Directory traversal

A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file...

RKCMS 路径遍历漏洞

Ranko RkCms is an open source, free enterprise website presentation system from Ranko, China. a security vulnerability exists in RKCMS, which stems from a directory traversal vulnerability in the filename parameter of pathindex.php. No detailed vulnerability details are available...

CVE-2020-36494

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component mychanneledit.php via the filename, mid, userid, and templet' parameters...

CVE-2020-36496

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component sysadminuseredit.php via the filename, mid, userid, and templet' parameters...

CVE-2020-36497

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component makehtmlhomepage.php via the filename, mid, userid, and templet' parameters...

CVE-2020-36495

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component filemanageview.php via the filename, mid, userid, and templet' parameters...