
941 matches found

NVD
added 2021/03/25 7:15 p.m. · 15 views

CVE-2021-26596

An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...

CVSS 5.4 · EPSS 0.00737
Exploits: 1 · References: 2

Positive Technologies
added 2021/02/26 12:0 a.m. · 3 views

PT-2021-17317 · Visualware · Visualware Myconnection Server

Name of the Vulnerable Software and Affected Versions: Visualware MyConnection Server versions prior to 11.1a Description: An issue was discovered in Visualware MyConnection Server that allows Unauthenticated Remote Code Execution via Arbitrary File Upload in the web service when using a...

CVSS 10 · AI score 9.5 · EPSS 0.13623
Exploits: 2 · References: 14

CNNVD
added 2021/01/05 12:0 a.m. · 3 views

Lukashinsch Spring Boot Actuator Logview Path Traversal Vulnerability

Lukashinsch Spring Boot Actuator Logview is a codebase by the individual developer Ffay Lukashinsch that provides Spring Boot with the ability to view logs via a web interface. A path traversal vulnerability exists in spring-boot-actuator-logview versions prior to 0.2.13, which stems from the...

CVSS 7.7 · AI score 7.1 · EPSS 0.21173
Exploits: 2 · References: 5

OSV
added 2020/10/29 4:15 p.m. · 1 views

CVE-2020-27993

Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files...

CVSS 5.3 · AI score 6.2
Exploits: 0 · References: 1

OSV
added 2020/09/11 3:15 a.m. · 1 views

CVE-2020-25248

An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter...

CVSS 7.5 · AI score 7.1 · EPSS 0.02099
Exploits: 0 · References: 3

OSV
added 2020/09/11 3:15 a.m. · 3 views

CVE-2020-25247

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter...

CVSS 7.5 · AI score 7.1 · EPSS 0.015
Exploits: 0 · References: 2

Cvelist
added 2020/09/11 2:21 a.m. · 11 views

CVE-2020-25247

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter...

AI score 7.5 · EPSS 0.015
Exploits: 0 · References: 2

Zero Day Initiative
added 2020/08/27 12:0 a.m. · 37 views

Advantech iView NetworkServlet findUpdateDeviceListExport Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the findUpdateDeviceListExport method of the NetworkServlet...

CVSS 9.8 · AI score 5.4 · EPSS 0.07717
Exploits: 0 · References: 1

CNVD
added 2020/04/30 12:0 a.m. · 2 views

Gigamon GigaVUE Code Issue Vulnerability

Gigamon GigaVUE is a set of network monitoring solutions from Gigamon, USA. The product supports features such as network traffic monitoring and sensitive data obfuscation. A security vulnerability exists in the upload function of Gigamon GigaVUE version 5.5.01.11. A remote attacker can exploit t...

CVSS 6.2 · AI score 7.2 · EPSS 0.01973
Exploits: 2

CNVD
added 2020/04/30 12:0 a.m. · 3 views

Gigamon GigaVUE Path Traversal Vulnerability

Gigamon GigaVUE is a set of network monitoring solutions from Gigamon, USA. The product supports features such as network traffic monitoring and sensitive data obfuscation. A path traversal vulnerability exists in the upload function in Gigamon GigaVUE version 5.5.01.11. An attacker can exploit...

CVSS 3.5 · AI score 6.9 · EPSS 0.01201
Exploits: 2

Prion
added 2020/04/29 2:15 p.m. · 14 views

Remote code execution

An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter...

CVSS 6 · AI score 6.8 · EPSS 0.01973
Exploits: 2 · References: 2 · Affected Software: 1

Packet Storm
added 2020/04/17 12:0 a.m. · 139 views

Playable 9.18 Script Insertion / Arbitrary File Upload

Document Title: Playable v9.18 iOS - Multiple Web Vulnerabilities
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2198
Release Date: 2020-04-16
Vulnerability Laboratory ID (VL-ID): 2198...

AI score 0.3
Exploits: 0

OSV
added 2020/04/12 3:15 a.m. · 2 views

CVE-2020-11705

An issue was discovered in ProVide formerly zFTPServer through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter...

CVSS 9.8 · AI score 7.4 · EPSS 0.00908
Exploits: 1 · References: 2

OSV
added 2020/04/12 3:15 a.m. · 1 views

CVE-2020-11702

An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

CVSS 6.1 · AI score 5.8 · EPSS 0.00678
Exploits: 1 · References: 2

Prion
added 2020/04/12 3:15 a.m. · 16 views

Cross site scripting

An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

CVSS 4.3 · AI score 5.9 · EPSS 0.00678
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2020/03/31 5:15 p.m. · 1 views

DEBIAN-CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

CVSS 5.6 · AI score 6.7 · EPSS 0.00736
Exploits: 0 · References: 1

CNVD
added 2020/03/19 12:0 a.m. · 2 views

ONAP SDNC Operating System Command Injection Vulnerability (CNVD-2020-28056)

The ONAP SDNC is a network-defined network controller from the ONAP program. ONAP SDNC suffers from an operating system command injection vulnerability. An attacker can exploit this vulnerability to execute arbitrary commands with the help of a specially crafted 'filename' parameter...

CVSS 9.8 · AI score 8.2 · EPSS 0.01464
Exploits: 1 · References: 1

CNVD
added 2020/03/19 12:0 a.m. · 1 views

ONAP SDNC Operating System Command Injection Vulnerability (CNVD-2020-28055)

The ONAP SDNC is a network-defined network controller from the ONAP program. An operating system command injection vulnerability exists in ONAP SDNC Dublin. An attacker can exploit this vulnerability to execute arbitrary commands with the help of a specially crafted 'filename' parameter...

CVSS 9.8 · AI score 8.2 · EPSS 0.01464
Exploits: 1 · References: 1

Prion
added 2020/03/18 7:15 p.m. · 15 views

Design/Logic Flaw

An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected...

CVSS 7.5 · AI score 9.4 · EPSS 0.01464
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2020/03/18 5:25 p.m. · 12 views

CVE-2019-12132

An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected...

AI score 9.5 · EPSS 0.01464
Exploits: 1 · References: 1