
134 matches found

OSV
added 2023/12/22 4:15 a.m. · 4 views

CVE-2022-47532

FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1
ATTACKERKB
added 2023/12/22 4:15 a.m. · 8 views

CVE-2022-47532

FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request...

9.8 CVSS · 7.5 AI score · 0.00628 EPSS
Exploits: 1 · References: 2
Cvelist
added 2023/12/22 12:0 a.m. · 23 views

CVE-2022-47532

FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request...

10 AI score · 0.00628 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2023/12/22 12:0 a.m. · 6 views

PT-2023-15390 · Filerun · Filerun

Name of the Vulnerable Software and Affected Versions: FileRun version 20220519 Description: The issue allows SQL Injection via the dir parameter in a "/?module=users&section=cpanel&page=list" API endpoint. This could potentially lead to unauthorized access to sensitive data. Recommendations: For...

9.8 CVSS · 9.6 AI score · 0.00628 EPSS
Exploits: 1 · References: 4
BDU FSTEC
added 2023/12/19 12:0 a.m. · 6 views

The vulnerability in the graphtemplates.php script of the Nagios XI monitoring tool allows a hacker to execute arbitrary code.

The vulnerability in the graphtemplates.php script of the Nagios XI monitoring tool is related to errors in information representation by the user interface when processing the dir parameter. Exploiting this vulnerability allows a malicious actor to gain access to read, modify, or delete data, or...

6.6 CVSS · 5.8 AI score
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2023/09/19 12:0 a.m. · 3 views

PT-2023-7761 · Nagios Xi · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI affected versions not specified Description: The issue is related to the graphtemplates.php script in Nagios XI, which is vulnerable due to errors in handling the dir parameter. This can allow a remote attacker to read, modify, or...

5.8 CVSS · 7.2 AI score
Exploits: 0 · References: 3
ATTACKERKB
added 2023/07/10 5:15 p.m. · 5 views

CVE-2023-37703

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speeddir parameter in the formSetSpeedWan function...

9.8 CVSS · 7.4 AI score · 0.00903 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2023/06/20 12:0 a.m. · 4 views

PT-2023-11588 · Unknown · Nucleus Cms

Name of the Vulnerable Software and Affected Versions: NucleusCMS version 3.71 Description: The issue allows a remote attacker to execute arbitrary code. This is achieved via the "https://example.com/nucleus/plugins/skinfiles/?dir=rsd" API endpoint, where the dir parameter is set to rsd...

9.8 CVSS · 7.7 AI score · 0.01169 EPSS
Exploits: 1 · References: 4
ATTACKERKB
added 2023/06/14 2:15 p.m. · 4 views

CVE-2023-34878

An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...

7.5 CVSS · 5.8 AI score · 0.00703 EPSS
Exploits: 1 · References: 2
NVD
added 2023/06/14 2:15 p.m. · 30 views

CVE-2023-34878

An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...

7.5 CVSS · 7.5 AI score · 0.00703 EPSS
Exploits: 1 · References: 1
CNNVD
added 2023/06/14 12:0 a.m. · 5 views

UJCMS security vulnerability

UJCMS is an open source Java content management system. A security vulnerability exists in UJCMS v6.0.2. An attacker can exploit the vulnerability to obtain sensitive information via the dir parameter of /api/backend/core/web-file-html/download-zip...

7.5 CVSS · 7.3 AI score · 0.00703 EPSS
Exploits: 1 · References: 1
Cvelist
added 2023/06/14 12:0 a.m. · 23 views

CVE-2023-34878

An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...

7.7 AI score · 0.00703 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2023/06/14 12:0 a.m. · 4 views

PT-2023-25044 · Ujcms · Ujcms

Name of the Vulnerable Software and Affected Versions: Ujcms version 6.0.2 Description: An issue in Ujcms allows attackers to gain sensitive information via the dir parameter to the "/api/backend/core/web-file-html/download-zip" API endpoint. Recommendations: For Ujcms version 6.0.2, as a tempora...

7.5 CVSS · 6.8 AI score · 0.00703 EPSS
Exploits: 1 · References: 4
NVD
added 2023/05/30 8:15 a.m. · 29 views

CVE-2023-2117

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root...

2.7 CVSS · 3.4 AI score · 0.00665 EPSS
Exploits: 2 · References: 1
OSV
added 2023/05/30 8:15 a.m. · 4 views

CVE-2023-2117

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root...

2.7 CVSS · 6.5 AI score · 0.00665 EPSS
Exploits: 2 · References: 1
Positive Technologies
added 2023/05/30 12:0 a.m. · 5 views

PT-2023-17958 · 10Web · The Image Optimizer

Name of the Vulnerable Software and Affected Versions: The Image Optimizer by 10web WordPress plugin versions prior to 1.0.27 Description: The issue allows high-privileged users, such as admins, to inspect names of files and directories outside of the site's root. This is due to the plugin not...

2.7 CVSS · 9.5 AI score · 0.00665 EPSS
Exploits: 2 · References: 3
CNNVD
added 2023/02/24 12:0 a.m. · 7 views

AudioCodes Device Manager Express path traversal vulnerability

AudioCodes Device Manager Express is a powerful lifecycle management tool for AudioCodes IP phones, EPOS and Jabra headsets and speakers from AudioCodes Israel. A path traversal vulnerability exists in AudioCodes Device Manager Express 7.8.20002.47752 and prior versions, which stems from a...

9.8 CVSS · 8.3 AI score · 0.37246 EPSS
Exploits: 4 · References: 3
BDU FSTEC
added 2022/12/30 12:0 a.m. · 8 views

The vulnerability of the FsCreateDir function in the Ajax web interface for managing WLAN client software Hirschmann BAT-C2 allows a hacker to execute arbitrary commands.

The vulnerability of the FsCreateDir function in the Ajax web interface for managing WLAN client software Hirschmann BAT-C2 is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the dir...

9.1 CVSS · 7.9 AI score · 0.03966 EPSS
Exploits: 2 · References: 4 · Affected Software: 1
Positive Technologies
added 2022/12/20 12:0 a.m. · 5 views

PT-2022-27888 · Tenda · Tenda F1203

Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered via the speed dir parameter at the "/goform/SetSpeedWan" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, as a temporary workaround, consider...

7.5 CVSS · 7.6 AI score · 0.00815 EPSS
Exploits: 1 · References: 3
CNNVD
added 2022/11/25 12:0 a.m. · 5 views

Hirschmann BAT-C2 security vulnerability

Hirschmann BAT-C2 is a wireless access point from Hirschmann Germany. A command injection vulnerability exists in versions prior to Belden Hirschmann BAT-C2 09.13.01.00R04, which stems from a failure to adequately handle the dir parameter of the FsCreateDir Ajax function in the web server, and ca...

8.8 CVSS · 7.5 AI score · 0.03966 EPSS
Exploits: 2 · References: 6