941 matches found

OSV
added 2019/01/09 11:29 p.m. · 1 views

CVE-2018-0635

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter...

CVSS 7.2 · AI score 6 · EPSS 0.01399
Exploits 0 · References 2

OSV
added 2018/12/04 5:29 p.m. · 1 views

CVE-2018-12316

OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter...

CVSS 8.8 · AI score 5.9 · EPSS 0.03443
Exploits 1 · References 1

Cvelist
added 2018/12/04 5:0 p.m. · 16 views

CVE-2018-12316

OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter...

AI score 9.5 · EPSS 0.03443
Exploits 1 · References 1

CNVD
added 2018/11/28 12:0 a.m. · 1 views

TerraMaster TOS Cross-Site Scripting Vulnerability

TerraMaster TOS is a Linux-based operating system for storage servers developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup, virtualization, etc. Text Editor is one of its text editors. A cross-site scripting vulnerability...

CVSS 6.1 · AI score 6.5 · EPSS 0.01324
Exploits 1 · References 1

OSV
added 2018/11/27 9:29 p.m. · 4 views

CVE-2018-13360

Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter...

CVSS 6.1 · AI score 5.8 · EPSS 0.01324
Exploits 1 · References 1

OSV
added 2018/10/24 9:29 p.m. · 1 views

CVE-2018-18547

Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dira parameter, or the filename to the list/directory/ URI...

CVSS 6.1 · AI score 5.8 · EPSS 0.01058
Exploits 3 · References 2

OSV
added 2018/10/11 9:1 p.m. · 3 views

CVE-2018-18258

An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI...

CVSS 9.8 · AI score 6.1 · EPSS 0.01489
Exploits 1 · References 2

Prion
added 2018/08/27 3:29 p.m. · 15 views

Directory traversal

Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters...

CVSS 5 · AI score 7.6 · EPSS 0.01761
Exploits 0 · References 2 · Affected Software 1

0day.today
added 2018/08/09 12:0 a.m. · 32 views

man-cgi Local File Inclusion Vulnerability

Exploit for linux platform in category remote exploits. man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an attacker provides a filename as a parameter, e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd, the script will read and return the local file. This is...

AI score 7.7 · EPSS 0.03748
Exploits 2

NVD
added 2018/08/02 7:29 p.m. · 24 views

CVE-2018-1155

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue...

CVSS 5.4 · AI score 6 · EPSS 0.00569
Exploits 0 · References 2

Prion
added 2018/07/07 5:29 p.m. · 8 views

Cross site scripting

script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could...

CVSS 4.3 · AI score 5.9 · EPSS 0.01208
Exploits 1 · References 1 · Affected Software 1

NVD
added 2018/07/07 5:29 p.m. · 7 views

CVE-2018-11351

script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could...

CVSS 6.1 · AI score 6 · EPSS 0.01208
Exploits 1 · References 1

Cvelist
added 2018/07/07 5:0 p.m. · 11 views

CVE-2018-11351

script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could...

AI score 6 · EPSS 0.01208
Exploits 1 · References 1

Github Security Blog
added 2018/06/07 7:43 p.m. · 26 views

Command Injection in pdfinfojs

Versions of pdfinfojs before 0.4.1 are vulnerable to command injection. This is exploitable if an attacker can control the filename parameter that is passed into the pdfinfojs constructor. Recommendation: Update to version 0.4.1 or later...

CVSS 10 · AI score 4.3 · EPSS 0.04928
Exploits 1 · References 5 · Affected Software 1

OSV
added 2018/05/22 1:29 a.m. · 2 views

CVE-2018-11341

Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter...

CVSS 7.2 · AI score 5.8
Exploits 0 · References 3

OSV
added 2018/05/22 1:29 a.m. · 2 views

CVE-2018-11345

An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is...

CVSS 8.8 · AI score 5.9 · EPSS 0.01925
Exploits 1 · References 3

Prion
added 2018/05/22 1:29 a.m. · 10 views

Directory traversal

Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter...

CVSS 6.5 · AI score 6.9 · EPSS 0.02172
Exploits 1 · References 3 · Affected Software 1

CNVD
added 2018/05/22 12:0 a.m. · 2 views

ASUSTOR AS6202T ADM Directory Traversal Vulnerability

ADM (ASUSTOR Data Manager) is the operating system and user interface for ASUSTOR NAS. A directory traversal vulnerability exists in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3. An attacker can exploit this vulnerability to navigate the file system via the filename parameter...

CVSS 7.2 · AI score 7 · EPSS 0.02172
Exploits 1 · References 1

Positive Technologies
added 2018/04/19 12:0 a.m. · 3 views

PT-2018-1370 · Pdfinfojs · Pdfinfojs

Name of the Vulnerable Software and Affected Versions: pdfinfojs versions = 0.3.6; pdfinfojs versions prior to 0.4.1. Description: The issue is related to a lack of neutralization of special elements in input commands for the pdfinfojs module. This can be exploited by a remote attacker to execute...

CVSS 10 · AI score 9.7 · EPSS 0.04928
Exploits 1 · References 7

OSV
added 2018/04/12 3:29 p.m. · 3 views

CVE-2018-9118

exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter...

CVSS 7.5 · AI score 5.8 · EPSS 0.48593
Exploits 4 · References 3