941 matches found
CVE-2019-14699
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server...
Aptana Jaxer wikilite source browser local file inclusion vulnerability
Aptana Jaxer is an open source JavaScript server. A local file inclusion vulnerability exists in the wikilite source viewer in Aptana Jaxer version 1.0.3.4547. A remote attacker can exploit this vulnerability with tools/sourceViewer/index.html?filename=... / URI to read internal files...
Netdata HTTP Header Injection Vulnerability
Netdata is a real-time Linux performance monitoring tool. Netdata 1.10.0 suffers from an HTTP Header injection vulnerability. An attacker can exploit this vulnerability via the api/v1/data filename parameter to perform HTTP Header injection attacks...
UBUNTU-CVE-2018-18837
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...
PT-2019-4576 · Moxa · Moxa Awk-3121
Name of the Vulnerable Software and Affected Versions: Moxa AWK-3121 version 1.14 Description: The issue allows an attacker to execute commands on the device due to insufficient argument validation in a command. This can be exploited by a remote attacker to execute arbitrary commands with root...
PT-2019-12689 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions through 0.9.8.747 Description: A cross-site scripting (XSS) issue was found in the CentOS Web Panel. The issue is related to the fm_current_dir or filename parameter in the testacc/fileManager2.php endpoint...
CVE-2018-13299
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter...
Sitemagic CMS Cross-Site Scripting Vulnerability
Sitemagic CMS is a scalable content management system (CMS). A cross-site scripting vulnerability exists in the SMFiles/FrmUpload.class.php file in Sitemagic CMS v4.4, which can be exploited by remote attackers to inject arbitrary web script or HTML with the help of the 'filename' parameter...
CVE-2019-10238
Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter...
Humhub cross-site scripting vulnerability (CNVD-2019-12169)
Humhub is a set of open source social networking software based on the Yii PHP framework. A cross-site scripting vulnerability exists in file/file/upload in version 1.3.10 of Humhub Community Edition. A remote attacker can use the 'filename' parameter to inject arbitrary web script or HT...
Deserialization of Untrusted Data
Overview: pimcore/pimcore is a content & product management framework (CMS/PIM/E-Commerce). Affected versions of this package are vulnerable to Deserialization of Untrusted Data. It is possible to insert the PHP wrapper “phar” with an arbitrary path in the filename parameter that allows arbitrary code...
PT-2019-9645 · Netdata +4 · Netdata +4
Name of the Vulnerable Software and Affected Versions: Netdata version 1.10.0 Description: An issue exists in the software where HTTP Header Injection is possible via the filename parameter in the "api/v1/data" endpoint. This is due to the web client api request v1 data function in web/api/web ap...
Design/Logic Flaw
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request...
CVE-2019-9632
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request...
CVE-2019-9632
CVE-2019-9632 affects ESAFENET CDG V3 and V5. The vulnerability enables arbitrary file download via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request. Reported impact is information disclosure; CVSSv3 base score 7.5 (HI...
CVE-2019-8407
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI...
NEC Aterm HC100RC OS Command Injection Vulnerability (CNVD-2019-01107)
The NEC Aterm HC100RC is a network camera from Nippon Electric NEC. An operating system command injection vulnerability exists in the NEC Aterm HC100RC using firmware version 1.0.1 and earlier. The vulnerability can be exploited to execute arbitrary operating system commands with the 'filename'...
CVE-2018-0635
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter...