10 matches found
CVE-2025-9712
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required...
CVE-2025-3115
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code...
Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2025-1224)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP12 : subversion (EulerOS-SA-2025-1198)
According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated...
CVE-2024-13171
Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required...
CVE-2024-46901
A flaw was found in Apache Subversion when serving repositories via moddavsvn. This issue may allow authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository via insufficient validation of filenames against control characters...
CVE-2024-13171
Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required...
CVE-2024-3022 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to...
CVE-2024-3022
BookingPress for WordPress (all versions
CVE-2024-3022 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to...