670 matches found
Directory Traversal Vulnerability in Intelligent Meter Collective Reading Management System of Qingdao Automation Instrumentation Co.
Intelligent meter cluster management system is an industrial control management system that controls statistics and manages some of the data in the energy industry. There is a directory traversal vulnerability in the Intelligent Meter Management System of Qingdao Automation Instrumentation Co.,...
Directory Traversal Vulnerability in MCMS
MCMS is a website building system of MINGFEI TECHNOLOGY CO. MCMS suffers from a directory traversal vulnerability. An attacker can exploit the vulnerability to read the contents of any file on the server...
GHSA-9H4G-27M8-QJRG Path Traversal in socket.io-file
All versions of socket.io-file are vulnerable to Path Traversal. The package fails to sanitize user input and uses it to generate the file upload paths. The socket.io-file::createFile message contains a name option that is passed directly to path.join. It is possible to upload files to arbitrary...
Arbitrary File Read Vulnerability in CloudCare Inspection Information System
Guangzhou Daan Clinical Laboratory Center Co., Ltd. is a high-tech enterprise group engaged in professional medical services, public health services and related technical support services. YunKang test information system there are arbitrary file reading vulnerability, an attacker can exploit the...
Arbitrary File Read Vulnerability in WMCMS
WMCMS is based on PHP + MYSQL as the core development, free + open source professional Chinese labeling system. WMCMS arbitrary file reading vulnerability, an attacker can exploit the vulnerability to read files under the server...
Directory Traversal Vulnerability in Intelligent Meter Management System of Qingdao Automation Instrument Co.
Qingdao Automatic Instrumentation Co., Ltd. is a new joint-stock enterprise integrating R&D and manufacturing. There is a directory traversal vulnerability in the Intelligent Meter Collector Management System of Qingdao Automation Instrument Co., Ltd. that can be exploited by attackers to obtain...
Subrion CMS Cross-Site Request Forgery Vulnerability (CNVD-2020-32357)
Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into a website and supports a variety of extensions plugins and more. A cross-site request forgery vulnerability exists in Subrion CMS version 4.2.1, which can be exploited by a remote...
SQL injection vulnerability in Heybbs micro community frontend us***.php file SQL injection
Heybbs micro-community is a front-end based on bootstrap + jq + css, back-end php + mysql development of micro-community program. Heybbs micro-community front-end us.php file SQL injection SQL injection vulnerability, an attacker can use the vulnerability to obtain database sensitive information...
Arbitrary File Deletion Vulnerability in WMCMS
WMCMS is based on PHP + MYSQL as the core development, free + open source professional Chinese labeling system. WMCMS arbitrary file deletion vulnerability , an attacker can exploit the vulnerability to delete any file under the server...
Arbitrary File Deletion Vulnerability in Fiyocms System
Fiyocms is a free and open source cms system for rapid development of personal and corporate websites and blogging systems. Fiyocms system has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete any file under the server...
Arbitrary File Download Vulnerability in WMCMS
WMCMS is based on PHP + MYSQL as the core development, free + open source professional Chinese labeling system. WMCMS arbitrary file download vulnerability, attackers can use the vulnerability to download sensitive files under the server...
CVE-2020-10457
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence ../ via the POST parameter imgName for the new name and imgUrl for the current file to be renamed...
Arbitrary File Read Vulnerability in jpress
JPress a product developed using Java, similar to WordPress. Born to integrate the WeChat ecosystem, simple and easy to get started. Dedicated to creating an autonomous self-owned marketing platform for enterprises, using technology to help enterprises marketing cash. jpress there is an arbitrary...
Arbitrary File Download Vulnerability in ZrLog V2.1.1
ZrLog is a blogging program developed using Java. ZrLog V2.1.1 suffers from an arbitrary file download vulnerability, which can be exploited by an attacker to download any file on the server via a constructed path...
SOS JobScheduler JOC Cockpit XML External Entity Vulnerability
Cockpit is an interactive server management interface. An XML External Entity XEE vulnerability exists in the SOS JobScheduler JOC Cockpit. An attacker can exploit this vulnerability to read files from the server via entity declarations in any XML document used to specify runtime settings for job...
Unspecified Vulnerability in OpServices OpMon (CNVD-2020-14223)
OpServices OpMon is an IT infrastructure monitoring software from Brazil. A security vulnerability exists in OpServices OpMon. An attacker can exploit the vulnerability to read server files e.g. /etc/passwd...
CVE-2019-19668
A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html...
Directory Traversal Vulnerability in PageAdmin CMS
PageAdmin CMS is a self-service website builder based on asp.net mvc development . PageAdmin CMS has a directory traversal vulnerability that can be exploited by an attacker to view the structure of the server file system and file contents...
Arbitrary File Read Vulnerability in ClanSphere
ClanSphere is a web content management system primarily used for building tribal and eSports websites. ClanSphere suffers from an arbitrary file read vulnerability that can be exploited by an attacker to read any file on the server...
File Inclusion Vulnerability in Blue Route Blog System si***_mo***.php Page
Blue Route Blog System is built with PHP+MySQL. Blue Route blog system simo.php page there is a file inclusion vulnerability, an attacker can use the vulnerability to include any file on the server...