Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.9 views

CVE-2023-49960

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint...

7.5CVSS7.2AI score0.00664EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.9 views

CVE-2024-24025

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

9.8CVSS6.9AI score0.00654EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.14 views

Command injection

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...

8.4AI score0.01379EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/26 12:0 a.m.13 views

CVE-2023-49960

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint...

7.1AI score0.00664EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/01/13 12:0 a.m.16 views

Fedora 38 : rubygem-httparty (2024-a5aad4eede)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a5aad4eede advisory. Fix CVE-2024-22049 httparty: multipart/form-data request vulnerable to tampering Tenable has extracted the preceding description block directly from...

5.3CVSS5.8AI score0.0129EPSS
Exploits1References2
Prion
Prion
added 2020/03/18 7:15 p.m.16 views

Design/Logic Flaw

An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected...

7.5CVSS9.4AI score0.01464EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/03/18 5:25 p.m.23 views

CVE-2019-12132

An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected...

9.5AI score0.01464EPSS
Exploits1References1
CVE
CVE
added 2020/03/18 5:1 p.m.59 views

CVE-2019-12112

CVE-2019-12112 affects ONAP SDNC (pre-Dublin). The issue arises when an unauthenticated user uses sla/upload with a crafted filename parameter, allowing arbitrary command execution. All SDC setups that include admportal are affected. The provided documents do not specify the exact vulnerable vers...

9.8CVSS9.4AI score0.01464EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder