
74 matches found

Gitee
added 2025/09/14 6:9 p.m. · 84 views

rtfm

This is a Debian package for a Python application called "RTFM" (Read The Fine Manual). The package is version 0.96-RC1 and is intended for the "all" architecture. The package contains a single file, "rtfm.py", which is the main executable script for the application. The package also contains a...

7.6 AI score
Exploits: 0
RedhatCVE
added 2025/05/23 9:22 a.m. · 2 views

CVE-2024-37821

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file...

8.8 CVSS · 7.5 AI score · 0.00234 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 2:7 a.m. · 16 views

CVE-2023-6565

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

5.9 CVSS · 7.2 AI score · 0.00913 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 6:58 a.m. · 7 views

CVE-2018-20420

In webERP 4.15, ZCreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter...

5.5 CVSS · 6.8 AI score · 0.00256 EPSS
Exploits: 1 · References: 1
Cvelist
added 2025/02/03 12:0 a.m. · 9 views

CVE-2024-57669

Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file...

0.01466 EPSS
Exploits: 0 · References: 3
CNNVD
added 2025/02/03 12:0 a.m. · 1 views

Zrlog Security Vulnerability

ZrLog is a blogging system developed in Java by the individual developer xiaochun. A security vulnerability exists in Zrlog backup-sql-file.jar version v.3.0.31, which stems from a directory traversal vulnerability that allows remote attackers to obtain sensitive information via the...

7.5 CVSS · 6.4 AI score · 0.01466 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2025/02/03 12:0 a.m. · 2 views

PT-2025-3533 · Zrlog · Zrlog

Name of the Vulnerable Software and Affected Versions: Zrlog backup-sql-file.jar version 3.0.31 Description: The issue allows a remote attacker to obtain sensitive information. This is achieved via the BackupController.java file. Recommendations: For Zrlog backup-sql-file.jar version 3.0.31,...

7.5 CVSS · 7.1 AI score · 0.01466 EPSS
Exploits: 0 · References: 8
OSV
added 2024/10/13 8:15 p.m. · 2 views

CVE-2024-9918

A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been...

7.2 CVSS · 5.7 AI score · 0.001 EPSS
Exploits: 1 · References: 4
Veracode
added 2024/06/19 6:36 a.m. · 15 views

Arbitrary Code Execution

dolibarr/dolibarr is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper validation of file types in the Upload Template function, allowing attackers to execute arbitrary code via uploading a crafted .SQL file...

8.8 CVSS · 7.7 AI score · 0.00234 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2024/06/18 9:30 p.m. · 11 views

GHSA-P7R8-7W87-8G46 Dolibarr arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file...

8.8 CVSS · 8.8 AI score · 0.00234 EPSS
Exploits: 0 · References: 4
OSV
added 2024/06/18 8:15 p.m. · 1 views

CVE-2024-37821

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file...

8.8 CVSS · 8 AI score · 0.00234 EPSS
Exploits: 0 · References: 2
NVD
added 2024/06/18 8:15 p.m. · 12 views

CVE-2024-37821

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file...

8.8 CVSS · 0.00234 EPSS
Exploits: 0 · References: 2
UbuntuCve
added 2024/06/18 8:15 p.m. · 7 views

CVE-2024-37821

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file...

8.8 CVSS · 7.4 AI score · 0.00234 EPSS
Exploits: 0 · References: 3
CVE
added 2024/06/18 12:0 a.m. · 49 views

CVE-2024-37821

Dolibarr ERP/CRM up to v19.0.1 contains an arbitrary file upload vulnerability in the Upload Template function. The issue arises from improper validation of file types, allowing a crafted .SQL file to execute arbitrary code. Affected component: Upload Template/file upload handling; impact is arbi...

8.8 CVSS · 8 AI score · 0.00234 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/06/18 12:0 a.m. · 6 views

CVE-2024-37821

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file...

7.7 AI score · 0.00234 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/06/18 12:0 a.m. · 11 views

CVE-2024-37821

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file...

0.00234 EPSS
Exploits: 0 · References: 2
Prion
added 2024/03/10 12:15 p.m. · 18 views

Design/Logic Flaw

A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secretcoder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched...

2.6 CVSS · 6.6 AI score · 0.00109 EPSS
Exploits: 0 · References: 3
Prion
added 2024/02/29 1:42 a.m. · 32 views

Design/Logic Flaw

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

2.6 CVSS · 7.8 AI score · 0.00913 EPSS
Exploits: 0 · References: 2
WPVulnDB
added 2024/02/09 12:0 a.m. · 16 views

InfiniteWP Client < 1.12.3.1 - Unauthenticated Sensitive Information Exposure

Description: The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeat...

5.9 CVSS · 7.5 AI score · 0.00913 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Veracode
added 2023/02/22 7:42 a.m. · 63 views

Cross-site Scripting (XSS)

phpmyadmin/phpmyadmin is vulnerable to Cross-site Scripting (XSS). An authenticated user is able to execute malicious code in a victim's browser by uploading a specially crafted .sql file through the drag-and-drop interface...

5.4 CVSS · 5.6 AI score · 0.09658 EPSS
Exploits: 0 · References: 4 · Affected Software: 2