951 matches found
Four-Faith Water Conservancy Informatization 安全漏洞
Four-Faith Water Conservancy Informatization is a water conservancy informatization system from China Four-Faith Four-Faith. A security vulnerability exists in Four-Faith Water Conservancy Informatization version 1.0, which stems from an incorrect manipulation of the parameter fileName in the fil...
PT-2025-38528
Name of the Vulnerable Software and Affected Versions Four-Faith Water Conservancy Informatization Platform version 1.0 Description A path traversal vulnerability exists due to the manipulation of the fileName argument. This issue affects some unknown functionality within the files...
CVE-2025-5993
ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process...
CVE-2025-5993
CVE-2025-5993 — ITCube CRM path traversal affects ITCube CRM versions 2023.2–2025.2. The vulnerability arises from an insecure fileName parameter, enabling an unauthenticated attacker to craft payloads that download arbitrary files accessible to the web server process. Impact is primarily confide...
CVE-2025-5993 Path Traversal in ITCube CRM
ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process...
ITCube CRM 路径遍历漏洞
ITCube CRM is a customer relationship management system from ITCube Japan. A path traversal vulnerability exists in ITCube CRM version 2025.2 and prior versions, which stems from a path traversal vulnerability in the fileName parameter that could lead to an arbitrary file download...
PT-2025-36453
Name of the Vulnerable Software and Affected Versions: ITCube CRM versions 2023.2 through 2025.2 Description: ITCube CRM is susceptible to a path traversal issue. An unauthenticated remote attacker can exploit the fileName parameter to construct payloads that enable the download of any file...
CVE-2025-9575
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command...
CVE-2025-30057
In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...
CGM CLININET Code Injection Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the ConvertToPDF function's filename parameter failing to properly filter special elements of the constructed code segment. An attacker can exploit...
CVE-2025-9575
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command...
CVE-2025-9575
Summary: CVE-2025-9575 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 devices. The issue resides in the /cgi-bin/upload.cgi file, specifically the cgiMain function, where manipulation of the filename argument enables operating system command injection. The vulnerability can be exploite...
PT-2025-35124
Name of the Vulnerable Software and Affected Versions Linksys RE6250 version 1.0.013.001 Linksys RE6250 version 1.0.04.001 Linksys RE6250 version 1.0.04.002 Linksys RE6250 version 1.1.05.003 Linksys RE6250 version 1.2.07.001 Linksys RE6300 version 1.0.013.001 Linksys RE6300 version 1.0.04.001...
Linksys多款产品 安全漏洞
Linksys RE6300 and others are products of Linksys, Inc.Linksys RE6300 is a wireless network signal extender.Linksys RE6250 is a wireless extender.Linksys RE6350 is a wireless extender.Linksys RE6350 is a wireless extender.Linksys RE6350 is a wireless extender.Linksys RE6350 is a wireless...
CVE-2025-30057
In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...
CVE-2025-30057 Authenticated RCE with uhcapache privileges in ConvertToPDF
In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...
CVE-2025-30057
Technical details about CVE-2025-30057 are not publicly provided in the supplied documents. Monitor for updates when new information becomes available.
CVE-2025-30057 Authenticated RCE with uhcapache privileges in ConvertToPDF
In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...
PT-2025-34852 · Uhcrtfdoc · Uhcrtfdoc
Name of the Vulnerable Software and Affected Versions: UHCRTFDoc affected versions not specified Description: The filename parameter in UHCRTFDoc can be exploited to execute arbitrary code through command injection into the system function call within the ConvertToPDF function. Recommendations: A...
CGM CLININET 代码注入漏洞
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the ConvertToPDF function's filename parameter failing to properly filter special elements of the constructed code segment. An attacker can exploit...