24 matches found
EUVD-2024-41433
Malicious code in bioql PyPI...
CVE-2025-58159 WeGIA Authenticated Arbitrary File Upload Leading To Remote Code Execution (RCE)
WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension...
Overleaf 安全漏洞
Overleaf is an open source online real-time collaborative LaTeX editor from Overleaf Open Source. A security vulnerability exists in Overleaf. An attacker can exploit the vulnerability to load a dictionary file with an arbitrary filename...
CVE-2024-21519
OpenCart opencart/opencart (v4.0.0.0) is affected by an Arbitrary File Creation vulnerability exposed via the database restoration functionality. The root cause is PHP code injection into the database, allowing an attacker with admin privileges to create a backup file with an arbitrary filename (...
CVE-2021-43403
An issue was discovered in FusionPBX before 4.5.30. The logviewer.php Log View page allows an authenticated user to choose an arbitrary filename for download i.e., not necessarily freeswitch.log in the intended directory...
Directory traversal
An issue was discovered in FusionPBX before 4.5.30. The logviewer.php Log View page allows an authenticated user to choose an arbitrary filename for download i.e., not necessarily freeswitch.log in the intended directory...
CVE-2021-43972
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...
CVE-2021-43403
An issue was discovered in FusionPBX before 4.5.30. The logviewer.php Log View page allows an authenticated user to choose an arbitrary filename for download i.e., not necessarily freeswitch.log in the intended directory...
CVE-2017-5381
The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox 51...
CVE-2017-5381
The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox 51...
CVE-2017-5381
The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox 51...
CVE-2017-5381
The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox 51...
Executable File With Non-Executable File Extension Arbitrary File Execution
Certain malicious executable files can be hidden using arbitrary filename extensions. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...
CVE-2007-2644
A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename...
Design/Logic Flaw
Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2...
CVE-2007-1044
Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2...
CVE-2007-1044
Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2...
Design/Logic Flaw
Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an...
CVE-2006-2058
Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as ...
CVE-2006-2058
Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as ...