Shenzhim Aaptjs 操作系统命令注入漏洞

aaptjs is a node wrapper for aapt. aaptjs version 1.3.1 has a remote code execution vulnerability in the remove function. An attacker can exploit this vulnerability to execute arbitrary code via the filePath parameter...

Directory traversal

Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus ?????-plus 3.5.1 allows attackers to read arbitrary files via the filePath parameter...

CVE-2021-30048

Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus 小说精品屋-plus 3.5.1 allows attackers to read arbitrary files via the filePath parameter...

PT-2021-18585 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-plus 小说精品屋-plus version 3.5.1 Description: The issue allows attackers to read arbitrary files via the filePath parameter in the fileDownload function located in com/java2nb/common/controller/FileController.java. This enables access to...

Arbitrary File Download Vulnerability in Filepath Parameter of Mixcall Attendant Management System

Mixcall seat management system is based on B/S architecture, the management personnel can directly log into the Mixcall seat management center through the computer, and view the detailed situation related to the seat personnel's voice services. An arbitrary file download vulnerability exists in t...

Beijing Jinhe C6 Collaborative Management Platform Arbitrary File Download Vulnerability

Jinhe OA is developed with asp.net and sqlserver technology and is used by many users. OA system/JHSoft.Web.CustomQuery/FileDownLoad.aspx page due to the FilePath parameter did not do ... /filter, can download any file in any directory, resulting in arbitrary file download vulnerability...

CVE-2015-2071

Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. dot dot in the filepath parameter...

CVE-2010-4801

Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the filepath parameter...

CVE-2010-4801

Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the filepath parameter...

Buffer overflow

Buffer overflow in the BFup ActiveX control BFup.dll in B21Soft BFup before 1.0.802.29 allows remote attackers to execute arbitrary code via a long FilePath parameter...

CVE-2008-1282

Buffer overflow in the BFup ActiveX control BFup.dll in B21Soft BFup before 1.0.802.29 allows remote attackers to execute arbitrary code via a long FilePath parameter...

PT-2007-3745 · Unknown · Seir Anphin

Name of the Vulnerable Software and Affected Versions: Seir Anphin affected versions not specified Description: A directory traversal issue in modules/file.php allows remote attackers to obtain sensitive information via a .. dot dot in the afilepath parameter. Note that a third party has disputed...