CVE-2023-37149
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...
CVE-2023-37149
TOTOLINK LR350 firmware version V9.3.5u.6369_B20220309 contains a command injection vulnerability in the setUploadSetting function, exploitable via the FileName parameter. CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 (CRITICAL). Impacts confidentiality, integrity, and availabilit...
CVE-2023-37146
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...
CVE-2023-3504
A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads to unrestricted upload. The attack may be...
POS Codekop 2.0 Shell Upload
Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution (RCE) Date: 25-05-2023 Exploit Author: yuyudhn Vendor Homepage: https://www.codekop.com/ Software Link: https://github.com/fauzan1892/pos-kasir-php Version: 2.0 Tested on: Linux CVE: CVE-2023-36348 Vulnerability description: The...
SmartWeb Infotech Job Board Code Issue Vulnerability
SmartWeb Infotech Job Board is a web solution from Smartweb Infotech. A code issue vulnerability exists in SmartWeb Infotech Job Board version 1.0, which stems from the parameter filename in the file /settings/account that can lead to unrestricted uploads...
POS Codekop v2.0 - Authenticated Remote Code Execution Vulnerability
Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution (RCE) Exploit Author: yuyudhn Vendor Homepage: https://www.codekop.com/ Software Link: https://github.com/fauzan1892/pos-kasir-php Version: 2.0 Tested on: Linux CVE: CVE-2023-36348 Vulnerability description: The application does...
PT-2023-25110 · Smartweb Infotech · Smartweb Infotech Job Board
Name of the Vulnerable Software and Affected Versions: SmartWeb Infotech Job Board version 1.0 Description: A critical issue affects some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the filename argument leads to unrestricted upload. T...
PT-2023-21147 · Malwarebytes · Malwarebytes Anti-Exploit
Name of the Vulnerable Software and Affected Versions: Malwarebytes Anti-Exploit version 4.4.0.220 Description: The issue allows for arbitrary file deletion and denial of service via an ALPC message where FullFileNamePath lacks a '\0' character. Recommendations: For Malwarebytes Anti-Exploit versi...
CVE-2023-30945
Multiple Services such as VHS (Video History Server) and VCD (Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesyst...
PT-2023-23076 · Vcd +2 · Vcd +2
Name of the Vulnerable Software and Affected Versions: Multiple Services (affected versions not specified) Description: The issue is related to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. This allows a malicious attacker to read...
Exploit for Unrestricted Upload of File with Dangerous Type in Tecrail Responsive_Filemanager
CVE-2022-44276-PoC PoC for Responsive Filemanager 9.12.0...
CVE-2023-35169
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...
CVE-2023-36348
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter...
CVE-2023-36348
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter...
Directory Traversal
webklex/laravel-imap and webklex/php-imap are vulnerable to Directory Traversal. The vulnerability exists due to a lack of filename attachment sanitization which allows an attacker to save a file to an arbitrary location...
PT-2023-25545 · Unknown · Pos Codekop
Name of the Vulnerable Software and Affected Versions: POS Codekop version 2.0 Description: The issue is related to an authenticated remote code execution (RCE) vulnerability. It can be exploited via the filename parameter. Recommendations: For POS Codekop version 2.0, consider restricting access t...
CVE-2023-36348
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter...
CVE-2023-36348
POS Codekop v2.0 contains an authenticated remote code execution (RCE) vulnerability stemming from insufficient sanitization of the filename parameter in the edit flow (/upload path). Specifically, the flaw allows an authenticated attacker to upload a PHP file via the filename field and access it...
A vulnerability in the UploadFirmwareFile function of the TOTOLINK X18 firmware allows an attacker to execute arbitrary commands.
The vulnerability in the UploadFirmwareFile function of the TOTOLINK X18 router firmware stems from insufficient validation of arguments passed to a command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the FileName parameter...