134 matches found
CVE-2022-47532
FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request...
PT-2023-15390 · Filerun · Filerun
Name of the Vulnerable Software and Affected Versions: FileRun version 20220519 Description: The issue allows SQL Injection via the dir parameter in a "/?module=users&section=cpanel&page=list" API endpoint. This could potentially lead to unauthorized access to sensitive data. Recommendations: For...
The vulnerability in the graphtemplates.php script of the Nagios XI monitoring tool allows a hacker to execute arbitrary code.
The vulnerability in the graphtemplates.php script of the Nagios XI monitoring tool is related to errors in information representation by the user interface when processing the dir parameter. Exploiting this vulnerability allows a malicious actor to gain access to read, modify, or delete data, or...
PT-2023-7761 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI affected versions not specified Description: The issue is related to the graphtemplates.php script in Nagios XI, which is vulnerable due to errors in handling the dir parameter. This can allow a remote attacker to read, modify, or...
CVE-2023-37703
Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speeddir parameter in the formSetSpeedWan function...
PT-2023-11588 · Unknown · Nucleus Cms
Name of the Vulnerable Software and Affected Versions: NucleusCMS version 3.71 Description: The issue allows a remote attacker to execute arbitrary code. This is achieved via the "https://example.com/nucleus/plugins/skinfiles/?dir=rsd" API endpoint, where the dir parameter is set to rsd...
CVE-2023-34878
An issue discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...
UJCMS Security Vulnerability
UJCMS is an open source Java content management system. A security vulnerability exists in UJCMS v6.0.2. An attacker can exploit the vulnerability to obtain sensitive information via the dir parameter of /api/backend/core/web-file-html/download-zip...
PT-2023-25044 · Ujcms · Ujcms
Name of the Vulnerable Software and Affected Versions: Ujcms version 6.0.2 Description: An issue in Ujcms allows attackers to gain sensitive information via the dir parameter to the "/api/backend/core/web-file-html/download-zip" API endpoint. Recommendations: For Ujcms version 6.0.2, as a tempora...
CVE-2023-2117
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing high-privileged users such as admins to inspect names of files and directories outside of the site's root...
PT-2023-17958 · 10Web · The Image Optimizer
Name of the Vulnerable Software and Affected Versions: The Image Optimizer by 10web WordPress plugin versions prior to 1.0.27 Description: The issue allows high-privileged users, such as admins, to inspect names of files and directories outside of the site's root. This is due to the plugin not...
AudioCodes Device Manager Express Path Traversal Vulnerability
AudioCodes Device Manager Express is a powerful lifecycle management tool for AudioCodes IP phones, EPOS and Jabra headsets and speakers from AudioCodes Israel. A path traversal vulnerability exists in AudioCodes Device Manager Express 7.8.20002.47752 and prior versions, which stems from a...
The vulnerability of the FsCreateDir function in the Ajax web interface for managing WLAN client software Hirschmann BAT-C2 allows a hacker to execute arbitrary commands.
The vulnerability of the FsCreateDir function in the Ajax web interface for managing WLAN client software Hirschmann BAT-C2 is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the dir...
PT-2022-27888 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered via the speed dir parameter at the "/goform/SetSpeedWan" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, as a temporary workaround, consider...
Hirschmann BAT-C2 Security Vulnerability
Hirschmann BAT-C2 is a wireless access point from Hirschmann Germany. A command injection vulnerability exists in versions prior to Belden Hirschmann BAT-C2 09.13.01.00R04, which stems from a failure to adequately handle the dir parameter of the FsCreateDir Ajax function in the web server, and ca...