VIVOTEK Network Camera Security Vulnerability
VIVOTEK Network Camera is a webcam from VIVOTEK. A security vulnerability in VIVOTEK Network Camera version v.FD8166A-VVTK-0204j allows remote attackers to execute arbitrary code via the uploadfile.cgi component...
CVE-2024-1034
A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclose...
CVE-2023-3561
A vulnerability, which was classified as problematic, was found in GZ Scripts PHP GZ Hotel Booking Script 1.8. This affects an unknown part of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross-site scripting. It is possible to initiate...
CVE-2022-40475
TOTOLINK A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi...
EUVD-2021-30618
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution...
zyx0814 dzzoffice Cross-Site Scripting Vulnerability
DzzOffice is a platform from IBM DzzOffice in the United States that provides online collaborative office suite functionality. The platform can be used to provide online documents, forms, webstores, presentations, and other features. zyx0814 A cross-site scripting vulnerability exists in dzzoffic...
CVE-2017-9386
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "getfile.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter is not validated correctly and this allows a...
CVE-2015-4330
A local file script in Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556...
CVE-2015-4330
Cisco TelePresence Video Communication Server Expressway X8.5.2 contains a local file script vulnerability that lets an authenticated, local attacker gain elevated OS-command execution by supplying invalid parameters to a local script. Root cause is insufficient protection of the local script, en...
Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
A vulnerability in a local file script in Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with elevated privilege. The vulnerability is due to insufficient protection of a...