16 matches found
Tiandy Easy7 Integrated Management Platform Code Issue Vulnerability
Tiandy Easy7 Integrated Management Platform is a comprehensive video surveillance management platform developed by Tiandy Company in China. Version 7.17.0 of Tiandy Easy7 Integrated Management Platform contains a code vulnerability. This vulnerability stems from the handling of the File...
EUVD-2025-198992
Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...
PT-2025-47402
Name of the Vulnerable Software and Affected Versions: Mozart FM Transmitter version WEBMOZZI-00287 Description: The Mozart FM Transmitter web management interface contains an unauthenticated file upload issue. An attacker can exploit this by sending a crafted POST request with a malicious file to...
CVE-2025-9504
CVE-2025-9504 affects Campcodes Online Loan Management System 1.0. The vulnerability is an SQL injection in an unknown functionality of the file /ajax.php?action=save_plan, caused by manipulation of the ID argument. Exploitation can be performed remotely, and public exploits are available. Techni...
CVE-2012-10061
Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize...
CVE-2025-7441
The CVE-2025-7441 issue affects WordPress StoryChief/plugin versions up to 1.0.42. It centers on an unauthenticated, arbitrary file upload via the /wp-json/storychief/webhook endpoint, which lacks sufficient file-type validation, enabling an attacker to store attacker-controlled content (e.g., PH...
PT-2025-33527
Name of the Vulnerable Software and Affected Versions: StoryChief plugin for WordPress versions up to and including 1.0.42 Description: The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filetype validation. This occurs through the...
PT-2025-33405 · Unknown · Givanz Vvveb
Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions up to 1.0.5 Description: A vulnerability exists in givanz Vvveb up to version 1.0.5, affecting unknown code within the /vadmin123/index.php?module=content/post&type=post file of the Endpoint component. This manipulation...
CVE-2024-8559
A vulnerability, which was classified as critical, has been found in SourceCodester Online Food Menu 1.0. This issue affects some unknown processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to sql injection. The attack may be initiated remotely. The explo...
CVE-2025-32943 PeerTube HLS Video Files Path Traversal
The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint...
CVE-2024-8438
A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint /api/file does not properly sanitize the path parameter, allowing an attacker to read arbitrary files on the server...
QR Code Bookmark System Cross-Site Scripting Vulnerability
QR Code Bookmark System is a QR code bookmark system by rems, an individual developer. A cross-site scripting vulnerability exists in version 1.0 of the QR Code Bookmark System, in the bookmark parameter of the /endpoint/delete-bookmark.php file...
Trend Micro Worry-Free Business Security Directory Traversal Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Worry-Free Business Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the TempFileName parameter provided to the...
Cisco Data Center Network Manager readConfigFileFromDB Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...
ownCloud Server Denial of Service Vulnerability
ownCloud Server is a free and open source personal cloud storage solution created by German KDE developer Frank Karlitschek; ownCloud Server is a server edition. A denial of service vulnerability exists in ownCloud Server versions prior to 6.0.8, 8.0.x versions prior to 8.0.4 and 7.0.x versions...
CVE-2015-4717
The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint...