8812 matches found
CVE-2012-2969
Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request...
CVE-2017-10975
Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despit...
CVE-2009-3890
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an...
TOTOLINK N300RH Command Injection Vulnerability
TOTOLINK N300RH is a long range wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N300RH suffers from a command injection vulnerability that stems from the parameter FileName in the file /cgi-bin/cstecgi.cgi failing to properly filter constructed command special characters,...
PT-2025-22548 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator...
ABB Multiple Products Code Injection Vulnerability
ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications...
PT-2025-22539 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator...
CVE-2007-6740
The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command...
CVE-2002-2120
Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to execute arbitrary code via long filename arguments to (1) Watcom or (2) int10...
CVE-2009-5043
burn allows file names to escape via mishandled quotation marks...
CVE-2004-2187
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors...
CVE-2005-3279
Stack-based buffer overflow in the vgascoprintf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the MUNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option...
CVE-2005-4882
tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in Wyse Simple Imager (WSI) and other products, allows remote attackers to cause a denial of service (daemon crash) via a long filename in a TFTP read (aka RRQ or get) request, a different vulnerability than CVE-2002-2226...
CVE-2002-2063
AtGuard 3.2 allows remote attackers to bypass firewall filters and execute prohibited programs by changing the filenames to permitted filenames...
CVE-2025-4868
A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v1/admin/ of the component File Upload Endpoint. The manipulation of the argument...
CVE-2025-5000
A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function controlpanelsw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command...
Linksys FGW3000-AH Injection Vulnerability
The Linksys FGW3000-AH is a wireless router from Linksys, Inc. An injection vulnerability exists in Linksys FGW3000-AH version 1.0.17.000000 and earlier, which stems from improper handling of the parameter filename by the HTTP POST request handler, which could lead to command injection...
CVE-2025-47576
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme. This issue affects Bimber - Viral Magazine WordPress Theme: from n/a through 9.2.5...
WordPress plugin SUMO Reward Points Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin WPAMS Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...