949 matches found
ruoyi-go 路径遍历漏洞
ruoyi-go is a backend management system for individual developers at lostvip.com. A path traversal vulnerability exists in ruoyi-go 2.1 and earlier versions, which stems from the improper handling of the fileName parameter in the DownloadTmp/DownloadUpload function in the file...
Linux Distros Unpatched Vulnerability : CVE-2021-43300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack overflow in PJSUA API when calling pjsuarecordercreate. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a...
Viglet Shio CMS 安全漏洞
Viglet Shio CMS is a content management system from Viglet Open Source. A security vulnerability exists in Viglet Shio CMS version 0.3.8 and earlier, which stems from the incorrect operation of the parameter fileName in the file...
Viglet Shio CMS 安全漏洞
Viglet Shio CMS is a content management system from Viglet Open Source. A security vulnerability exists in Viglet Shio CMS version 0.3.8 and earlier, which stems from a misbehavior of the parameter filename in the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java tha...
CVE-2025-7628
A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /deleteFile. The manipulation of the argument fileName leads to path traversal. It is possible to...
kkFileViewOfficeEdit 路径遍历漏洞
kkFileViewOfficeEdit is a file online preview and online editing software for OFFICE by YiJiuSmile personal developer. A path traversal vulnerability exists in kkFileViewOfficeEdit 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and prior versions, which stems from a path traversal vulnerability caused ...
gorobbs 路径遍历漏洞
gorobbs is a full-text search engine by letseeqiji's individual developers. A path traversal vulnerability exists in gorobbs 1.0.8 and earlier versions, which stems from a path traversal caused by the parameter filename operation...
Simple forum forum_downloadfile.php path traversal vulnerability
Simple forum is a simple forum. Simple forum suffers from a path traversal vulnerability, which stems from the parameter filename in the file /forumdownloadfile.php failing to properly filter for special elements in the path of a resource or file. An attacker can exploit this vulnerability to cau...
CVE-2025-6866
A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. This vulnerability affects unknown code of the file /forumdownloadfile.php. The manipulation of the argument filename leads to path traversal. The attack can be initiated remotely. The exploit has been...
Code-Projects Simple Forum 路径遍历漏洞
Simple forum is a simple forum. Simple forum suffers from a path traversal vulnerability, which stems from the parameter filename in the file /forumdownloadfile.php failing to properly filter for special elements in the path of a resource or file. An attacker can exploit this vulnerability to cau...
sublinkX 路径遍历漏洞
sublinkX is an open source node subscription conversion and generation management system developed by Chen Hui. A path traversal vulnerability exists in sublinkX 1.8 and earlier versions, which stems from the incorrect operation of the parameter filename in the file api/template.go, resulting in...
TOTOLINK CA300-PoE 命令注入漏洞
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE upgrade.so file, which stems from the parameter FileName of the file upgrade.so failing to correctly filter construct command special characters...
Steel Browser 安全漏洞
Steel Browser is an open source browser API for an artificial intelligence agent open-sourced by Steel. A security vulnerability exists in Steel Browser version 0.1.3 and earlier, which stems from path traversal due to the filename parameter operation in the api/src/modules/files/files.routes.ts...
H3C SecCenter SMP-E1114P02 路径遍历漏洞
H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C. A path traversal vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from path traversal due to incorrect operation of the parameter filename in the file...
H3C SecCenter SMP-E1114P02 路径遍历漏洞
H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C. A path traversal vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from path traversal due to incorrect operation of the parameter filename in the file...
CVE-2024-7356
The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-30849
Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/productsphoto.php...
CVE-2024-24025
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...
CVE-2024-37673
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter...
CVE-2024-25525
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx...