941 matches found
CVE-2018-9118
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter...
Directory traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx...
Foxit MobilePDF for iOS Denial of Service Vulnerability
Foxit MobilePDF for iOS is a PDF document reader for iOS-based mobile devices from Foxit, a Chinese software company. A denial of service vulnerability exists in the iOS-based Foxit MobilePDF application prior to version 6.1, which stems from the program's inability to...
Synology Surveillance Station File and Directory Information Disclosure Vulnerability
Synology Surveillance Station is a video management application from Synology, and User Profile is one of the user information storage files. An information disclosure vulnerability exists in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station versions prior to...
CVE-2017-16770
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter...
Information disclosure
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter...
CVE-2017-16813
A denial-of-service issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs when a user uploads a file that includes a hexadecimal Unicode character in the "filename" parameter via Wi-Fi, since the app could fail to parse this...
CVE-2017-16606
This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th...
CVE-2017-16592
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...
CVE-2017-16603
This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th...
NetGain Systems Enterprise Manager restore.download_005fdo_jsp Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
NetGain Systems Enterprise Manager _3d.add_005f3d_005fview_005fdo_jsp Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
UBUNTU-CVE-2017-1000159
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91...
CVE-2015-5468
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php...
Arbitrary file download vulnerability in the fileName parameter of GoodVision video conferencing system
GoodVision Video Conferencing System is a Simplified Chinese software application for PC platforms. There is an arbitrary file download vulnerability in the fileName parameter of GoodVision Video Conferencing System. This allows attackers to exploit the vulnerability to obtain sensiti...
PT-2017-9768 · Moxa · Moxa AWK-3131A Wireless Access Point
Name of the Vulnerable Software and Affected Versions: Moxa AWK-3131A Wireless Access Point version 1.1. Description: An exploitable null pointer dereference issue exists in the Web Application /forms/web runScript iw filename functionality. This can be triggered by an HTTP POST request with a bla...
Code injection
Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process//logs...
CVE-2016-4949
Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process//logs...
SQL Injection Vulnerability in the 'filename' parameter of Xinhoo Collaboration Office System
Xinhuo coworking system is an open source, cross-platform office system that supports an app, a PC web version, a PC client and so on. A SQL injection vulnerability exists in the 'filename' parameter of Xinhao Co-working System. It allows attackers to exploit the vulnerability to obtain sensitive database...