25 matches found
CVE-2026-41201
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated vi...
CI4MS 跨站脚本漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Version CI4MS 0.31.4.0 contains a cross-site scripting vulnerability. This vulnerability arises from the backup module’s filename field allowing XSS payloads to be hidden through SQL file tampering, potentially leading to full...
CVE-2018-25286
The CVE-2018-25286 entry affects Easy PhotoResQ 1.0 and describes a buffer overflow in the Folder/filename field. According to the connected documentation, an attacker can supply a 6000-byte payload via the File Options dialog to cause a denial-of-service crash locally. The impact is a crash/DoS ...
CVE-2018-25286 Easy PhotoResQ 1.0 Buffer Overflow Denial of Service
Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can input a 6000-byte payload through the File Options dialog to trigger a denial of service condition...
CVE-2018-25286
Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can input a 6000-byte payload through the File Options dialog to trigger a denial of service condition...
EUVD-2018-21806
Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can input a 6000-byte payload through the File Options dialog to trigger a denial of service condition...
PT-2026-35256
Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can input a 6000-byte payload through the File Options dialog to trigger a denial of service condition...
CVE-2026-41411
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...
Cross-site Scripting (XSS)
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS through the filename field in the backup management module. An attacker can gain unauthorized access to user accounts and escalate privileges by...
CI4MS: Backup Management Full Account Takeover for All Roles & Privilege Escalation via Stored DOM Blind XSS
An attacker can achieve Full Account Takeover and Privilege Escalation via Stored DOM XSS in the backup module's filename field, which is manipulated through an SQL file that tampers with the filename field to contain a hidden XSS payload...
CVE-2018-25267 UltraISO 9.7.1.3519 Buffer Overflow via Output FileName
UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attackers can craft a malicious filename string with 304 bytes of data followed by SEH record overwrite...
PT-2026-34463
UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attackers can craft a malicious filename string with 304 bytes of data followed by SEH record overwrite...
CVE-2015-20116
The CVE refers to RealtyScript 4.0.2 from Next Click Ventures, where the CSV file upload handling is vulnerable to stored cross-site scripting due to insufficient sanitization of filename parameters in multipart form data. This can allow an attacker to inject XSS payloads that execute in users’ b...
CVE-2026-20902
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route...
CVE-2026-20902
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route...
EUVD-2020-4054
Malware in sbrugna...
CVE-2020-11712
Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...
CVE-2020-11712
Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...
CVE-2020-11712
Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...
CVE-2020-11712
Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...