
133 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2003-1136

Malware in sbrugna...

6.8 CVSS | 6.4 AI score | 0.0348 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2005-0381

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.04427 EPSS
Exploits: 1 | References: 13

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-10759

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.02631 EPSS
Exploits: 2 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-13148

Malware in sbrugna...

4.8 CVSS | 5.1 AI score | 0.00553 EPSS
Exploits: 1 | References: 2

Snyk
added 2025/08/06 5:6 p.m. | 5 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the dir parameter. An attacker can cause files or directories to be written to arbitrary locations by supplying a crafted symbolic link that resolves outside the intended temporary directory. PoC const tmp =...

6.8 CVSS | 7 AI score | 0.00309 EPSS
Exploits: 1 | References: 2

Github Security Blog
added 2025/08/06 5:6 p.m. | 11 views

tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter

Summary [email protected] is vulnerable to an Arbitrary temporary file / directory write via symbolic link dir parameter. Details According to the documentation there are some conditions that must be held: // https://github.com/raszi/node-tmp/blob/v0.2.3/README.md?plain=1L41-L50 Other breaking changes,...

5.3 CVSS | 6.3 AI score | 0.00309 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

RedhatCVE
added 2025/05/23 8:20 a.m. | 3 views

CVE-2024-10684

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1 CVSS | 5.6 AI score | 0.00376 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:27 a.m. | 10 views

CVE-2023-34878

An issue discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...

7.5 CVSS | 6.7 AI score | 0.00703 EPSS
Exploits: 1

RedhatCVE
added 2025/05/23 3:8 a.m. | 5 views

CVE-2023-2117

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing high privileged users such as admins to inspect names of files and directories outside of the site's root...

2.7 CVSS | 6.5 AI score | 0.00665 EPSS
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 11:25 p.m. | 3 views

CVE-2022-40282

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is...

8.8 CVSS | 8.7 AI score | 0.03966 EPSS
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 8:4 a.m. | 7 views

CVE-2018-20597

UCMS 1.4.7 has XSS via the dir parameter in an index.php sadminfileedit action...

4.8 CVSS | 5.9 AI score | 0.00553 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:21 a.m. | 5 views

CVE-2017-1000234

I, Librarian version =4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter...

5.3 CVSS | 6.9 AI score | 0.01192 EPSS
Exploits: 1 | References: 1

BDU FSTEC
added 2025/05/06 12:0 a.m. | 5 views

The vulnerability of the FTP server PCMan FTP Server arises from the possibility of operations occurring outside the buffer in memory. This allows attackers to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the PCMan FTP Server relates to the execution of operations beyond the buffer boundaries in memory when processing the dir parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of the protected...

7.5 CVSS | 7.6 AI score | 0.0062 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/02/10 12:0 a.m. | 4 views

KUNBUS Revolution Pi path traversal vulnerability

KUNBUS Revolution Pi is an open, modular and cost-effective Raspberry Pi based industrial PC from KUNBUS. A path traversal vulnerability exists in the KUNBUS Revolution Pi, which stems from the dir parameter of the /pictory/php/getFileList.php page containing a path traversal vulnerability...

4.3 CVSS | 6.8 AI score | 0.00441 EPSS
Exploits: 0 | References: 2

OSV
added 2024/11/13 3:15 a.m. | 4 views

CVE-2024-10684

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1 CVSS | 7.4 AI score | 0.00376 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2024/06/13 4:15 p.m. | 2 views

CVE-2023-35860

A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php...

5.3 CVSS | 5.4 AI score | 0.00803 EPSS
Exploits: 0 | References: 2

CNNVD
added 2024/04/13 12:0 a.m. | 4 views

nginxWebUI path traversal vulnerability

nginxWebUI is an nginx web configuration tool. A path traversal vulnerability exists in nginxWebUI, which stems from the failure of the dir parameter of the findCountByQuery method of the /adminPage/www/addOver file to correctly filter for special elements in the path of a resource or file. An...

9.8 CVSS | 6.9 AI score | 0.009 EPSS
Exploits: 1 | References: 6

CNNVD
added 2024/03/22 12:0 a.m. | 3 views

Tenda AC15 security vulnerability

Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol with a theoretical transmission rate of 1900Mbps (600Mbps in 2.4GHz band and 1300Mbps in 5GHz band). Tenda AC15 suffers from a stack buffer overflow...

9 CVSS | 8.2 AI score | 0.01619 EPSS
Exploits: 1 | References: 4

CNNVD
added 2024/03/15 12:0 a.m. | 3 views

Tenda AC18 security vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users, supporting 2.4GHz and 5GHz dual-band, with a maximum transmission rate of 1900Mbps. Tenda AC18 suffers from a stack buffer overflow vulnerability that...

9 CVSS | 7.5 AI score | 0.01684 EPSS
Exploits: 1 | References: 4

OSV
added 2023/12/22 4:15 a.m. | 3 views

CVE-2022-47532

FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1