25 matches found
CVE-2026-1549
A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may ...
jshERP path traversal vulnerability
jshERP Huaxia ERP is a domestic ERP system developed by Ji Shenghua. Versions of jshERP 3.6 and earlier had a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter configFile in the file /jshERP-boot/plugin/uploadPluginConfigFile, which could lead to pat...
PT-2025-44510
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.4.2. Description: Nagios XI versions prior to 2024R1.4.2 have a remote code execution issue in the Business Process Intelligence (BPI) component. The issue is due to inadequate validation and sanitization of...
EUVD-2009-3675
Malware in sbrugna...
EUVD-2009-0766
Malware in sbrugna...
CVE-2009-0766
Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CLSA-2025-1744724536 grub2: Fix of 5 CVEs
CVE-2025-0624: net: Out-of-bounds write in grubnetsearchconfigfile - CVE-2025-0690: read: Integer overflow may lead to out-of-bounds write - CVE-2025-1118: commands/dump: The dump command is not in lockdown when secure boot is enabled - CVE-2025-0678: squash4: Integer overflow may lead to heap...
Privilege escalation
Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low-privileged attacker to execute arbitrary code with SYSTEM privileges by manipulating files in a directory with insecure permissions during the Yandex Browser update process...
CVE-2019-15766
CVE-2019-15766 affects the KSLABS KSWEB Android app (v3.93). An authenticated attacker can trigger remote code execution by sending a POST to the AJAX handler with configFile (arbitrary file path) and config_text (content to write), potentially writing and executing a PHP file in the device’s pub...
CVE-2018-14077
Wi2be SMART HP WMT R1.2.20201400922 allows unauthorized remote attackers to back up the device configuration via a direct request to /Maintenance/configfile.cfg...
PHP-Calendar 1.1 update10.php configfile Parameter Traversal Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/37450/info PHP-Calendar is prone to multiple remote and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to execute arbitrary...
Google AD Sync Tool - Exposure of Sensitive Information
Sense of Security - Security Advisory - SOS-13-001. Release Date: 03-Apr-2013. Last Update: -. Vendor Notification Date: 03-Sep-2012. Product: Google Active Directory Sync (GADS) Tool. Platform: Windows, Linux, Solaris. Affected versions: All versions up to 3.1.3. Severity Rating: High. Impact: Exposure of...
DEBIAN-CVE-2011-4782
Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
Path traversal
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion...
CVE-2009-3702
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion...
CVE-2009-0765
Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter...
Directory traversal
Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter...
Directory traversal
Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...