
133 matches found

Positive Technologies
added 2022/08/25 12:00 a.m. · 5 views

PT-2022-24087 · Tenda · Tenda Ac1206

Name of the Vulnerable Software and Affected Versions: Tenda AC1206 version 15.03.06.23 Description: A stack overflow issue was discovered, related to the speed dir parameter in the formSetSpeedWan function. Recommendations: For version 15.03.06.23, consider restricting access to the...

CVSS 9.8 · AI score 9.4 · EPSS 0.01013
Exploits 1 · References 2
CNNVD
added 2022/08/08 12:00 a.m. · 3 views

FileRun Security Vulnerability

FileRun is a PHP web hosting program similar to Nextcloud by FileRun. A security vulnerability exists in FileRun version 20220519, which originates from SQL injection via the "dir" parameter in the /?module=users&section=cpanel&page=list request...

CVSS 9.8 · AI score 8.6 · EPSS 0.00628
Exploits 1 · References 2
Positive Technologies
added 2022/02/03 12:00 a.m. · 2 views

PT-2022-15950 · Mozilo · Mozilo

Name of the Vulnerable Software and Affected Versions: mozilo version 2.0 Description: The issue allows directory traversal attacks via the curent dir parameter. Recommendations: For version 2.0, consider restricting access to the curent dir parameter to minimize the risk of exploitation...

CVSS 9.1 · AI score 9.2 · EPSS 0.19877
Exploits 1 · References 4
Cvelist
added 2021/04/02 7:58 p.m. · 13 views

CVE-2020-21590

Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter...

AI score 4.8 · EPSS 0.01255
Exploits 1 · References 2
OSV
added 2020/05/18 5:15 p.m. · 1 view

DEBIAN-CVE-2020-8034

Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webma...

CVSS 6.1 · AI score 6.2 · EPSS 0.00974
Exploits 0 · References 1
CVE
added 2020/05/18 4:07 p.m. · 101 views

CVE-2020-8034

CVE-2020-8034 affects Gollem before 3.0.13 (used in Horde Groupware Webmail Edition 5.2.22 and other products). The vulnerability is a reflected XSS via the HTTP GET dir parameter in the browser functionality, impacting breadcrumb output. Exploitation can lead to an attacker gaining access to a v...

CVSS 6.1 · AI score 5.8 · EPSS 0.00974
Exploits 0 · References 5 · Affected Software 2
Talos
added 2019/12/02 12:00 a.m. · 49 views

Forma LMS 2.2.1 ajax.adm_server.php dir parameter SQL injections

Summary: Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowin...

CVSS 8.8 · AI score 8.6 · EPSS 0.01064
Exploits 1
OSV
added 2019/11/06 3:15 p.m. · 3 views

CVE-2019-13076

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticketlist.php, and affected parameters are order0column and order0dir...

CVSS 8.8 · AI score 7.5 · EPSS 0.01235
Exploits 0 · References 2
OSV
added 2019/01/31 7:29 p.m. · 3 views

CVE-2018-19041

The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocatorgetdir action to the wp-admin/admin-ajax.php URI...

CVSS 6.1 · AI score 5.8 · EPSS 0.02631
Exploits 2 · References 1
OSV
added 2019/01/31 7:29 p.m. · 1 view

CVE-2018-19040

The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocatorgetdir action to the wp-admin/admin-ajax.php URI...

CVSS 5.3 · AI score 5.8 · EPSS 0.12128
Exploits 2 · References 1
CNVD
added 2018/12/31 12:00 a.m. · 2 views

UCMS cross-site scripting vulnerability (CNVD-2019-00981)

UCMS is a content management system written in PHP. A cross-site scripting vulnerability exists in UCMS version 1.4.7. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of the 'dir' parameter...

CVSS 4.8 · AI score 5.9 · EPSS 0.00553
Exploits 1 · References 1
OSV
added 2018/12/30 9:29 p.m. · 4 views

CVE-2018-20597

UCMS 1.4.7 has XSS via the dir parameter in an index.php sadminfileedit action...

CVSS 4.8 · AI score 5.8 · EPSS 0.00553
Exploits 1 · References 1
CVE
added 2018/12/30 9:00 p.m. · 41 views

CVE-2018-20597

UCMS 1.4.7 is affected by a cross-site scripting (XSS) vulnerability caused by unsafely handling the dir parameter in the sadmin_fileedit action of index.php. The issue allows injection of arbitrary HTML/JavaScript in user-visible pages. No exploits or practical in-the-wild details are provided i...

CVSS 4.8 · AI score 4.9 · EPSS 0.00553
Exploits 1 · References 1 · Affected Software 1
Debian CVE
added 2018/12/17 3:00 p.m. · 18 views

CVE-2018-18248

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string...

CVSS 6.1 · AI score 6.3 · EPSS 0.00717
Exploits 1
CNVD
added 2018/09/17 12:00 a.m. · 2 views

CScms Arbitrary Directory Deletion Vulnerability

CScms is a content management system (CMS) developed on a CI framework. An arbitrary directory deletion vulnerability exists in CScms version 4.1. An attacker can delete arbitrary directories by sending a dir=... to the plugins\sys\admin\Plugins.php page. \\ sub-string to the...

CVSS 7.5 · AI score 7.6 · EPSS 0.01412
Exploits 1 · References 1
CNVD
added 2018/09/04 12:00 a.m. · 1 view

phpkaiyuancms PhpOpenSourceCMS SQL Injection Vulnerability

phpkaiyuancms PhpOpenSourceCMS (POSCMS) is a PHP- and MySQL-based, cross-platform, open source web content management system (CMS). A SQL injection vulnerability exists in POSCMS version 3.2.0, which can be exploited by remote attackers to execute arbitrary SQL commands with the help of the 'dir'...

CVSS 9.8 · AI score 10 · EPSS 0.01582
Exploits 1 · References 1
CNVD
added 2018/07/02 12:00 a.m. · 3 views

Sandoba CP:Shop '. /cpshop/' module cross-site scripting vulnerability

Sandoba CP:Shop is an online store system from the German company Sandoba. The system provides sales management, financial management, site search and other functions. The '. /cpshop/' module of Sandoba CP:Shop version 2016.1 has a cross-site scripting vulnerability in the 'admin.php' file. The...

CVSS 6.1 · AI score 6.1 · EPSS 0.00813
Exploits 3 · References 1
Cvelist
added 2016/12/24 11:00 a.m. · 17 views

CVE-2016-10039

Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles...

AI score 7 · EPSS 0.01762
Exploits 0 · References 3
CNVD
added 2016/11/03 12:00 a.m. · 2 views

Arbitrary File Deletion Vulnerability in dir Parameter of Mixcall Seat Management System

The Mixcall seat management system is based on a B/S architecture; management personnel can log in to the Mixcall seat management center directly from a computer and view details of the seat personnel's voice services. An arbitrary file deletion vulnerability exists in t...

AI score 7
Exploits 0 · References 1
UbuntuCve
added 2014/11/28 3:59 p.m. · 27 views

CVE-2014-9089

Multiple SQL injection vulnerabilities in viewallbugpage.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to viewallset.php...

CVSS 7.5 · AI score 6.2 · EPSS 0.02419
Exploits 1 · References 3