842 matches found
CVE-2026-28769
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
EUVD-2026-9365
Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...
EUVD-2026-9364
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
CVE-2026-28769
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
CVE-2026-28770 XML injection In /IDC_Logging/checkifdone.cgi Endpoint On IDC SFX Web Management Interface Version 101
Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...
CVE-2026-28770
Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...
CVE-2026-28770
CVE-2026-28770 affects IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The issue is improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script, where input from the file parameter is echoed unsanitized into a CDATA block, enabling an a...
CVE-2026-28769 LFI in /IDC_Logging/checkifdone.cgi, "file" parameter Allowing for File Existence Enumeration On IDC Satellite Receiver Web Management Interface Version 101
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
CVE-2026-28769
The CVE concerns IDC SFX Series SuperFlex Satellite Receiver Web management portal (version 101). An authenticated user can abuse the /IDC_Logging/checkifdone.cgi script by manipulating the file parameter to perform directory traversal, enabling enumeration of arbitrary filesystem files. The root...
International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface 安全漏洞
The International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface is a web-based management backend for the satellite receiver devices produced by the International Datacasting company. Version 101 of the International Datacasting SFX Series SuperFlex Satellite Receiv...
PT-2026-22621
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
Exploit for CVE-2026-2670
exploit-CVE-2026-2670 CVE-2026-2670 – Advantech WISE-6610...
CVE-2026-2684
A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.21080262532. The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be...
Tsinghua Unigroup Electronic Archives System 代码问题漏洞
Tsinghua Unigroup Electronic Archives System is an electronic archive management system of Tsinghua Unigroup. There are code issues and vulnerabilities in versions 3.2.21080262532 and earlier of Tsinghua Unigroup Electronic Archives System. These vulnerabilities stem from incorrect handling of th...
CVE-2026-2426
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...
CVE-2026-2426 WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...
Base Admin 代码问题漏洞
Base Admin is a backend management system developed by huanzi-qch as an individual developer. Base Admin has code-related vulnerabilities; these vulnerabilities stem from incorrect handling of the File parameter in the Upload function within the SysFileController.java file, which could lead to th...
PT-2026-20380
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...
CVE-2025-13681
The BFG Tools – Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied firstfile parameter in the zip function. This makes it possible for authenticated attackers, with...
CVE-2025-13681 BFG Tools – Extension Zipper <= 1.0.7 - Authenticated (Administrator+) Path Traversal via 'first_file' Parameter
The BFG Tools – Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied firstfile parameter in the zip function. This makes it possible for authenticated attackers, with...