PT-2024-32876 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.114 Description: A problematic vulnerability has been found in DedeCMS, affecting the file /sys verifies.php?action=view. The manipulation of the filename argument with the input ../../../../../etc/passwd leads to path...

CVE-2024-34210

CVE-2024-34210 affects TOTOLINK outdoor CPE CP450 (version 4.1.0cu.747_B20191224). The root cause is a command injection in CloudACMunualUpdate via the FileName parameter, enabling potential remote code execution over the network. Public exploit details are not provided in the documents; CVSS ind...

CVE-2024-32874

In Frigate, CVE-2024-32874, an application-level DoS can occur when uploading or handling filenames with very long Unicode names due to unbounded filename length and costly Unicode normalization (NFKD) inside secure_filename(). Affected: Frigate releases before 0.13.2. Impact: potential web-app h...

CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...

PT-2024-25739 · Totolink · Totolink Outdoor Cpe Cp450

Name of the Vulnerable Software and Affected Versions: TOTOLINK outdoor CPE CP450 version 4.1.0cu.747 B20191224 Description: A command injection issue was found in the setUpgradeFW function via the FileName parameter. Recommendations: For version 4.1.0cu.747 B20191224, consider restricting access...

PT-2024-25744 · Totolink · Totolink Outdoor Cpe Cp450

Name of the Vulnerable Software and Affected Versions: TOTOLINK outdoor CPE CP450 version 4.1.0cu.747 B20191224 Description: A command injection issue was found in the CloudACMunualUpdate function, specifically via the FileName parameter. Recommendations: For version 4.1.0cu.747 B20191224, as a...

PT-2024-24930 · Frigate · Frigate

Name of the Vulnerable Software and Affected Versions: Frigate versions prior to 0.13.2 Description: The issue arises from the lack of limitation on the length of filenames and the costly use of Unicode normalization with the form NFKD under the hood of the secure filename function. This can lead...

CVE-2024-25525

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx...

RuvarOA 安全漏洞

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the filename parameter of the /WorkFlow/OfficeFileDownload.aspx file against external SQL input. An attacker can exploit this...

PT-2024-20986 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the filename parameter at the "/WorkFlow/OfficeFileDownload.aspx" API endpoint. Recommendations: For versions 6.01 through 12.01, consider restricting...

GHSA-XFJJ-F699-RC79 tiagorlampert CHAOS vulnerable to arbitrary code execution

An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filtering...

CVE-2024-33434

An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filteri...

CVE-2024-33434

An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filtering...

CVE-2024-33434

An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filteri...

D-Link DAP-2622 安全漏洞

The D-Link DAP-2622 is a wireless access point Access Point device from China's D-Link. A security vulnerability exists in the D-Link DAP-2622 due to a stack-based buffer overflow remote code execution vulnerability in the DDP firmware upgrade file name. An attacker could exploit the vulnerabilit...

CVE-2024-33434

CVE-2024-33434 affects tiagorlampert CHAOS (v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e). The root cause is unsafe concatenation of the filename argument into buildStr without sanitization, enabling remote code execution. Public reports desc...

CVE-2024-33434

An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filteri...

CHAOS 安全漏洞

github Chaos is a software application. Visualize the connection between Chaos Theory and Fractals via Logical Mapping;. A security vulnerability exists in CHAOS. A remote attacker can exploit this vulnerability to execute arbitrary code by insecurely concatenating the "filename" parameter to the...

CVE-2023-35745

D-Link DAP-2622 DDP Configuration Restore Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

CVE-2023-35741

D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...