Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:24 p.m.5 views

CVE-2022-3940

A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument filename leads to path traversal. The associated identifier of this vulnerability is VDB-213447...

9.8CVSS8.8AI score0.00641EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/29 12:0 a.m.6 views

PT-2024-38145 · Totolink · Totolink A3600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue was found in the setUploadSetting function of the /cgi-bin/cstecgi.cgi file. The manipulation of the FileName argument leads to a buffer overflow. This issue can be...

9CVSS8.8AI score0.01091EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2023/08/29 9:25 p.m.37 views

CVE-2023-39810

A flaw was found in the BusyBox tool. This issue occurs in the cpio command of BusyBox and may allow attackers to execute a directory traversal. If untrusted archives are extracted, this can result in files written outside of the destination directory or files being overwritten that contain...

7.3CVSS6.7AI score0.00704EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/11/11 12:0 a.m.7 views

PT-2022-24958 · Unknown · Lanyulei Ferry

Name of the Vulnerable Software and Affected Versions: lanyulei ferry affected versions not specified Description: A problematic issue was found in lanyulei ferry, affecting an unknown part of the file apis/process/task.go. The manipulation of the file name argument leads to path traversal...

9.8CVSS9.3AI score0.00641EPSS
Exploits0References4
Hacker One
Hacker One
added 2018/02/25 6:53 a.m.30 views

Node.js third-party modules: `whereis` concatenates unsanitized input into exec() command

I would like to report command injection in whereis It allows to inject arbitrary shell commands by trying to locate crafted filenames. Module module name: whereis version: 0.4.0 npm page: https://www.npmjs.com/package/whereis Module Description Simply get the first path to a bin on any system...

7.5CVSS9.6AI score0.0276EPSS
Exploits1
Prion
Prion
added 2012/10/12 8:55 p.m.15 views

Buffer overflow

Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method...

9.3CVSS8.6AI score0.05743EPSS
Exploits1References4Affected Software2
Debian CVE
Debian CVE
added 2012/06/16 12:0 a.m.34 views

CVE-2012-0212

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument...

9.3CVSS7.5AI score0.05816EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2012/02/15 12:0 a.m.18 views

CVE-2012-0212

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument...

9.3CVSS6.2AI score0.05816EPSS
Exploits0References4
NVD
NVD
added 2005/05/02 4:0 a.m.17 views

CVE-2005-1187

Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other versions, may allow attackers to execute arbitrary code via a long file name argument. NOTE: since this overflow is in the command line of an unprivileged program, it is highly likely that this is not a vulnerability...

5.1CVSS7.9AI score0.02045EPSS
Exploits0References3
Rows per page
Query Builder