949 matches found
CVE-2020-9012
A cross-site scripting XSS vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...
CVE-2020-25881
A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete⊂==../../../../111.txt=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file...
CVE-2020-25247
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter...
CVE-2020-20975
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...
CVE-2019-10238
Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter...
CVE-2019-9632
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request...
CVE-2019-17523
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp...
CVE-2017-11178
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked...
CVE-2012-4873
Cross-site scripting XSS vulnerability in the filedownload function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...
CVE-2013-1085
Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter...
CVE-2014-2864
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences...
CVE-2025-5000
A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function controlpanelsw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command...
CoinExchange_CryptoExchange_Java 路径遍历漏洞
CoinExchangeCryptoExchangeJava is a Java open source cryptocurrency exchange platform for individual developers of open source digital currency exchanges. A path traversal vulnerability exists in CoinExchangeCryptoExchangeJava, which stems from incorrect manipulation of the parameter filename in...
ecommerce-spring-reactjs 路径遍历漏洞
ecommerce-spring-reactjs is an e-commerce webstore by the individual developer Miroslav Khotinskiy. A path traversal vulnerability exists in ecommerce-spring-reactjs, which stems from incorrect manipulation of the parameter filename in the component File Upload Endpoint resulting in path traversa...
Prison Management System Stack Buffer Overflow Vulnerability
Prison Management System is a prison management system. Prison Management System suffers from a stack buffer overflow vulnerability that originates from the parameter filename of the addrecord function in the PrisonMgmtSys component that fails to properly validate the length of the input data,...
libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header
A flaw was found in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...
CVE-2025-44844
TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44854
TOTOLINK CP900 V6.3c.1144B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44854
TOTOLINK CP900 V6.3c.1144B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44838
TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...