842 matches found
CVE-2026-6496 prasathmani TinyFileManager POST Parameter filemanager.php path traversal
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...
CVE-2026-6496 prasathmani TinyFileManager POST Parameter filemanager.php path traversal
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...
TinyFileManager 安全漏洞
TinyFileManager is a web-based file manager developed by Prasathmani. It allows for online storage, uploading, editing, and management of files and folders through a web browser. Versions of TinyFileManager 2.6 and earlier contained security vulnerabilities, which stemmed from the handling of the...
PT-2026-33459
Name of the Vulnerable Software and Affected Versions Prasathmani TinyFileManager versions prior to 2.7 Description A path traversal issue exists in the POST Parameter Handler component within the '/filemanager.php' file. Remote attackers can manipulate the file argument to access files and...
CVE-2026-5212
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...
EUVD-2026-17662
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...
CVE-2026-5212
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...
CVE-2026-5212 D-Link DNS-1550-04 webdav_mgr.cgi Webdav_Upload_File stack-based overflow
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...
CVE-2026-30556
A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...
CVE-2026-4624
A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...
CVE-2026-4567
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public an...
SourceCodester Malawi Online Market SQL注入漏洞
SourceCodester Malawi Online Market is an open-source online marketplace and e-commerce management system developed using the PHP language by SourceCodester. Version 1.0 of SourceCodester Malawi Online Market contains a SQL injection vulnerability, which stems from incorrect handling of the...
CVE-2019-25643
CVE-2019-25643 affects eNdonesia Portal v8.7 and describes multiple SQL injection vulnerabilities in banners.php via the bid parameter. The flaws allow unauthenticated attackers to execute arbitrary SQL and exfiltrate information from INFORMATION_SCHEMA tables. The vulnerability is characterized ...
CVE-2026-33354
CVE-2026-33354 affects WWBN AVideo up to version 26.0, where POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile path. The local path check (isValidURLOrPath) allows broad server directories (e.g., /var/www/, app root, cache, tmp, videos) while rejecting only .php files....
Path Traversal
croogo/croogo is vulnerable to path traversal. The vulnerability is due to improper validation of the edit-file parameter, which allows an attacker to craft malicious file paths and read arbitrary files on the server...
EUVD-2026-14349
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public an...
CVE-2026-4567
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public an...
CVE-2026-4567
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public an...
CVE-2026-4567 Tenda A15 UploadCfg stack-based overflow
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public an...
CVE-2026-4567
CVE-2026-4567 affects Tenda A15 firmware 15.13.07.13. The vulnerability is a stack-based buffer overflow in the UploadCfg function (/cgi-bin/UploadCfg) triggered by manipulating the File argument, allowing remote exploitation. Public exploit information exists. Red Hat/EUVD/NVD references corrobo...