
8812 matches found

CNNVD
added 2025/06/06 12:0 a.m., 2 views

WordPress plugin WP Travel Engine security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.5 CVSS, 7.3 AI score, 0.00491 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/06/06 12:0 a.m., 2 views

WordPress plugin WP Multilang security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.5 CVSS, 7.2 AI score, 0.00491 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/06/06 12:0 a.m., 4 views

WordPress plugin AI Mortgage Calculator security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.5 CVSS, 7.3 AI score, 0.00491 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/06/06 12:0 a.m., 2 views

WordPress plugin Motors - Events security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

9 CVSS, 8.3 AI score, 0.00465 EPSS
Exploits: 0, References: 1
OSV
added 2025/06/05 12:15 p.m., 6 views

AZL-62239 CVE-2011-10007 affecting package perl-File-Find-Rule 0.34-15

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename into a command to...

8.8 CVSS, 5.7 AI score, 0.00736 EPSS
Exploits: 0, References: 1
NVD
added 2025/06/05 12:15 p.m., 10 views

CVE-2011-10007

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename into a command to...

8.8 CVSS, 0.00736 EPSS
Exploits: 0, References: 8
Cvelist
added 2025/06/05 11:57 a.m., 12 views

CVE-2011-10007 File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename into a command to...

0.00736 EPSS
Exploits: 0, References: 4
CVE
added 2025/06/05 11:57 a.m., 164 views

CVE-2011-10007

CVE-2011-10007 : File::Find::Rule (Perl) up to version 0.34 is vulnerable to Arbitrary Code Execution when grep() processes a crafted filename. The issue arises from using the 2-argument form of open(), permitting an attacker-controlled filename to supply the MODE parameter, turning the filename ...

8.8 CVSS, 7 AI score, 0.00736 EPSS
Exploits: 0, References: 8
AlpineLinux
added 2025/06/05 11:57 a.m., 7 views

CVE-2011-10007

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename into a command to...

8.8 CVSS, 7.7 AI score, 0.00736 EPSS
Exploits: 0
Debian CVE
added 2025/06/05 11:57 a.m., 12 views

CVE-2011-10007

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename into a command to...

8.8 CVSS, 8 AI score, 0.00736 EPSS
Exploits: 0
Positive Technologies
added 2025/06/05 12:0 a.m., 3 views

PT-2025-23919

Name of the Vulnerable Software and Affected Versions: File::Find::Rule versions through 0.34. Description: The issue allows for Arbitrary Code Execution when the grep function encounters a crafted filename. This is due to a file handle being opened with the 2 argument form of open, allowing an...

10 CVSS, 8.9 AI score, 0.00736 EPSS
Exploits: 0, References: 73
RedhatCVE
added 2025/06/04 12:14 a.m., 6 views

CVE-2025-49162

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename...

6.4 CVSS, 7 AI score, 0.00159 EPSS
Exploits: 0, References: 1
NVD
added 2025/06/03 12:15 a.m., 13 views

CVE-2025-49162

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename...

6.4 CVSS, 0.00159 EPSS
Exploits: 0, References: 1
CVE
added 2025/06/02 12:0 a.m., 46 views

CVE-2025-49162

CVE-2025-49162 affects Arris VIP1113 devices using KreaTV SDK. A remote TFTP operation can overwrite a local file when the remote filename contains a space, allowing control of the local filename. Documented impact per CVSS: high confidentiality, integrity, and availability with physical attack v...

6.4 CVSS, 6.5 AI score, 0.00159 EPSS
Exploits: 0, References: 1
BDU FSTEC
added 2025/05/30 12:0 a.m., 4 views

The vulnerability of the control_panel_sw() function in the /cgi-bin/sysconf.cgi script of the Linksys FGW3000-AH and FGW3000-HK Wi-Fi router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the control_panel_sw function in the /cgi-bin/sysconf.cgi script of the Linksys FGW3000-AH and FGW3000-HK Wi-Fi routers is related to incorrect elimination of special elements in the output data when processing the parameter filename. Exploiting this vulnerability allows an...

6.5 CVSS, 7 AI score, 0.1051 EPSS
Exploits: 0, References: 6, Affected Software: 2
RedHat Linux
added 2025/05/29 6:42 a.m., 3 views

libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header

A flaw was found in libsoup, where the soup_message_headers_get_content_disposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

7.5 CVSS, 7.3 AI score, 0.00694 EPSS
Exploits: 0, References: 4
BDU FSTEC
added 2025/05/29 12:0 a.m., 4 views

The vulnerability of the setUpgradeFW() function in TOTOLINK CA600-PoE router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the setUpgradeFW function in TOTOLINK CA600-PoE router microprogramming software is related to the lack of measures taken to clean data at the management level when processing the FileName parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

6.5 CVSS, 6 AI score, 0.00903 EPSS
Exploits: 1, References: 2, Affected Software: 1
BDU FSTEC
added 2025/05/29 12:0 a.m., 4 views

The vulnerability of the setUpgradeUboot() function in TOTOLINK CP900 router microprogramming software allows an intruder to execute arbitrary commands.

The vulnerability of the setUpgradeUboot function in TOTOLINK CP900 router microprogramming software is related to the lack of measures to sanitize input data during the processing of the FileName parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...

6.5 CVSS, 6 AI score, 0.00884 EPSS
Exploits: 1, References: 2, Affected Software: 1
BDU FSTEC
added 2025/05/29 12:0 a.m., 5 views

The vulnerability of the setUploadUserData() function in TOTOLINK CP900 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the setUploadUserData function in TOTOLINK CP900 router microprogramming software is related to the lack of measures to sanitize input data during the processing of the FileName parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...

6.5 CVSS, 6 AI score, 0.00884 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2025/05/26 12:31 a.m., 52 views

CVE-2025-5161

CVE-2025-5161 affects H3C SecCenter SMP-E1114P02 (up to 20250513); vulnerability in the function operationDailyOut of /safeEvent/download due to improper handling of the filename parameter, enabling path traversal. Attack can be launched remotely; exploit disclosed publicly and vendor not respond...

7.5 CVSS, 4.6 AI score, 0.00651 EPSS
Exploits: 0, References: 4, Affected Software: 1