133 matches found
EUVD-2003-1136
Malware in sbrugna...
EUVD-2005-0381
Malware in sbrugna...
EUVD-2018-10759
Malware in sbrugna...
EUVD-2018-13148
Malware in sbrugna...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via the dir parameter. An attacker can cause files or directories to be written to arbitrary locations by supplying a crafted symbolic link that resolves outside the intended temporary directory. PoC const tmp =...
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
Summary [email protected] is vulnerable to an Arbitrary temporary file / directory write via symbolic link dir parameter. Details According to the documentation there are some conditions that must be held: // https://github.com/raszi/node-tmp/blob/v0.2.3/README.md?plain=1L41-L50 Other breaking changes,...
CVE-2024-10684
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-34878
An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...
CVE-2023-2117
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root...
CVE-2022-40282
The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is...
CVE-2018-20597
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadminfileedit action...
CVE-2017-1000234
I, Librarian version =4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter...
The vulnerability of the FTP server PMan FTP Server arises from the possibility of operations occurring outside the buffer in memory. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the PCMan FTP Server relates to the execution of operations beyond the buffer boundaries in memory when processing the dir parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected...
KUNBUS Revolution Pi 路径遍历漏洞
KUNBUS Revolution Pi is an open, modular and cost-effective Raspberry Pi based industrial PC from KUNBUS. A path traversal vulnerability exists in the KUNBUS Revolution Pi, which stems from the dir parameter of the /pictory/php/getFileList.php page containing a path traversal vulnerability...
CVE-2024-10684
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-35860
A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php...
nginxWebUI 路径遍历漏洞
nginxWebUI is an nginx web configuration tool. A path traversal vulnerability exists in nginxWebUI, which stems from the failure of the dir parameter of the findCountByQuery method of the /adminPage/www/addOver file to correctly filter for special elements in the path of a resource or file. An...
Tenda AC15 安全漏洞
Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol with a theoretical transmission rate of 1900Mbps 600Mbps in 2.4GHz band and 1300Mbps in 5GHz band. Tenda AC15 suffers from a stack buffer overflow...
Tenda AC18 安全漏洞
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users, supporting 2.4GHz and 5GHz dual-band, with a maximum transmission rate of 1900Mbps. Tenda AC18 suffers from a stack buffer overflow vulnerability that...
CVE-2022-47532
FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users§ion=cpanel&page=list request...