8815 matches found
PT-2025-27131 · Unknown · Apuswp Domnoo
Name of the Vulnerable Software and Affected Versions: ApusWP Domnoo versions 1.49 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion in...
CVE-2025-5966
Zohocorp ManageEngine Exchange Reporter Plus versions 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report...
CVE-2025-5966
CVE-2025-5966 affects Zohocorp ManageEngine Exchange Reporter Plus versions 5722 and earlier. The vulnerability is a Stored XSS in the Attachments by filename keyword report, enabling script execution when a crafted filename is processed by the report feature. The issue is confirmed across multip...
perl-file-find-rule: File::Find::Rule Arbitrary Code Execution
A flaw was found in perl-file-find-rule. The grep function within File::Find::Rule versions up to 0.34 is vulnerable to arbitrary code execution if provided with a specially crafted filename. This vulnerability allows an attacker to supply a filename that, when opened, executes arbitrary code via...
CVE-2025-6619
A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit...
SUSE-SU-2025:02105-1 Security update for perl-File-Find-Rule
This update for perl-File-Find-Rule fixes the following issues: - CVE-2011-10007: Fixed arbitrary code execution when grep encounters a crafted filename bsc1244148...
Remote Code Execution (RCE)
github.com/mattermost/mattermost-server is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of filenames in uploaded archive files, which allows path traversal sequences to be processed during extraction...
TOTOLINK CA300-PoE Command Injection Vulnerability
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE upgrade.so file, which stems from the FileName parameter of upgrade.so failing to correctly filter special characters used to construct commands...
SUSE CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
CLSA-2025-1750783474 ghostscript: Fix of CVE-2024-46953
CVE-2024-46953: fix integer overflow in parsing filename format string to prevent path truncation and possible code execution...
CLSA-2025-1750782908 squashfs-tools: Fix of CVE-2021-40153
CVE-2021-40153: fix directory traversal vulnerability in squashfsopendir by validating filenames before creating new files...
Important: perl-File-Find-Rule
Issue Overview: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename...
Important: perl-File-Find-Rule-Perl
Issue Overview: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename...
Amazon Linux 2023 : perl-File-Find-Rule-Perl (ALAS2023-2025-1047)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1047 advisory. File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker...
PT-2025-26487 · Unknown · Code-Projects Simple Online Hotel Reservation System
Name of the Vulnerable Software and Affected Versions: code-projects Simple Online Hotel Reservation System version 1.0 Description: A critical issue was found in the system, affecting an unknown functionality of the file /add reserve.php. The manipulation of the firstname argument leads to SQL...