Mozilla Firefox ESR code issue vulnerability
Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox ESR versions prior to 102.10, which stems from a truncated filename if the filename contains NULL characters when processi...
Minecraft path traversal vulnerability
Minecraft (My World) is a sandbox game from the Swedish studio Mojang. A security vulnerability exists in Minecraft BiblioCraft versions prior to 2.4.6 that stems from not sanitizing path traversal characters in filenames...
Attached files under salaries module can be harvested by unauthenticated users
Description: File attachments under the salaries module can be downloaded and viewed by anyone without authentication simply by knowing the full path /assets/FileUploads/2022/staff2/; the predictable filename contains a date in YYYY-MM-DD form and a random 6-digit number, which can be easily enumerated by...
PT-2023-35753 · Git +1 · Binutils
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided input. Description: The issue is related to a heap-use-after-free READ 3 crash type. The crash state involves functions such as filename_cmp, debug_start_source, and parse_stab. N...
PYSEC-2023-29
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1...
CVE-2022-28497
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the mtdwritebootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-28494
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
TOTOLINK CP900 command injection vulnerability
The TOTOLINK CP900 is a wireless router from China-based TOTOLINK. A security vulnerability exists in the TOTOLINK CP900 due to a command injection issue in the filename parameter of the mtdwritebootloader function...
TOTOLINK CP900 operating system command injection vulnerability
The TOTOLINK CP900 is a wireless router from China-based TOTOLINK. The TOTOLINK CP900 suffers from an operating system command injection vulnerability that stems from a command injection issue in the filename parameter of the setUpgradeFW function...
PT-2023-12946 · Totolink · Totolink Outdoor Cpe Cp900
Name of the Vulnerable Software and Affected Versions: TOTOLink outdoor CPE CP900 version 6.3c.566 B20171026 Description: A command injection issue exists in the setUpgradeFW function via the filename parameter, allowing attackers to execute arbitrary commands through a crafted request...
Updated ruby-git packages fix security vulnerability
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. CVE-2022-46648, CVE-2022-47318...
CVE-2023-1479
A vulnerability classified as critical has been found in SourceCodester Simple Music Player 1.0. Affected is an unknown function of the file savemusic.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
Simple Music Player code issue vulnerability
Simple Music Player is a simple music player by the individual developer Carlo Montero. A code issue vulnerability exists in SourceCodester Simple Music Player version 1.0, which stems from a problem with the file savemusic.php, where manipulation of the parameter filename can lead to unrestricte...
PT-2023-17016 · Sourcecodester · Sourcecodester Simple Music Player
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Music Player version 1.0 Description: A critical issue has been found in the software, affecting an unknown function of the file savemusic.php. The manipulation of the filename argument leads to unrestricted upload. Thi...
CVE-2023-1433
A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/products/controller.php?action=add of the component Products Handler. The manipulation of the argument filename leads to...
Online Ordering System code issue vulnerability
Online Ordering System is a multi-store ordering system by the individual developer janobe. It can be used for any small business. A vulnerability exists in SourceCodester Gadget Works Online Ordering System version 1.0 due to an unknown function in the file admin/products/controller.php?action=add...
PT-2023-16980 · Sourcecodester · Sourcecodester Gadget Works Online Ordering System
Name of the Vulnerable Software and Affected Versions: SourceCodester Gadget Works Online Ordering System version 1.0 Description: A problematic issue has been found in the Products Handler component, specifically affecting an unknown part of the file admin/products/controller.php?action=add. The...
USN-5921-1 rsync vulnerabilities
Koen van Hove discovered that the rsync client incorrectly validated filenames returned by servers. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to write arbitrary files, and possibly escalate privileges...