8786 matches found
CVE-2022-28865
An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...
Nokia NetAct 跨站脚本漏洞
Nokia NetAct is a network management system from Nokia of Finland. A security vulnerability exists in Nokia NetAct version 22, which originates from a vulnerability that allows an attacker to change the filename of an uploaded file to include JavaScript code, which is then stored and executed by...
PT-2023-12955 · Nokia · Nokia Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: An issue was discovered in the Site Configuration Tool website section, where a malicious user can change the filename of an uploaded file to include JavaScript code. This code is then stored and executed ...
OpenJDK: HTTP client insufficient file name validation (8302475)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle...
VulnCheck KEV: CVE-2023-26255
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system...
CVE-2023-38336
netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...
Cockpit 跨站脚本漏洞
Cockpit is an interactive server management interface. A cross-site scripting vulnerability exists in versions prior to joc-cockpit 1.13.19, which stems from the need to specify a filename when uploading a file containing a user-generated JOC Cockpit document, which can be exploited by an attacke...
OSV-2023-560 Stack-buffer-overflow in sc_pkcs15_get_lastupdate
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60527 Crash type: Stack-buffer-overflow READ Crash state: scpkcs15getlastupdate generatecachefilename scpkcs15readcachedfile...
Gin-Gonic Gin 安全漏洞
Gin-Gonic Gin is a Go-based framework for rapidly building web applications from the Gin-Gonic team. A security vulnerability exists in Gin-Gonic Gin, which stems from the filename parameter of the Context.FileAttachment function not being cleaned up correctly...
PT-2023-3523 · Microsoft · Office +1
Name of the Vulnerable Software and Affected Versions: Microsoft Office versions prior to the fixed version Description: The issue is related to errors in security settings, allowing a remote attacker to bypass existing security restrictions. The vulnerability can be exploited if a filename ends ...
CVE-2023-37149
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...
CVE-2023-37146
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...
CVE-2023-37146
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...
CVE-2023-37149
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...
CVE-2023-37149
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...
CVE-2023-37146
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...
Command injection
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...
Command injection
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...
CVE-2023-37149
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...
PT-2023-8147 · D Link · D-Link G416
Name of the Vulnerable Software and Affected Versions: D-Link G416 affected versions not specified Description: The issue is related to a command injection vulnerability in the HTTP service of D-Link G416 routers, which allows network-adjacent attackers to execute arbitrary code on affected...