Lucene search
K

949 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:53 p.m.5 views

CVE-2020-9012

A cross-site scripting XSS vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

6.1CVSS5.7AI score0.00777EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:33 p.m.5 views

CVE-2020-25881

A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete⊂==../../../../111.txt=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file...

5.5CVSS6.7AI score0.01183EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:33 p.m.12 views

CVE-2020-25247

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter...

7.5CVSS7AI score0.015EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:18 p.m.13 views

CVE-2020-20975

In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...

9.8CVSS8.2AI score0.0128EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.6 views

CVE-2019-10238

Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter...

6.1CVSS6.1AI score0.00826EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:22 a.m.4 views

CVE-2019-9632

ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request...

7.5CVSS7.1AI score0.39885EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:22 a.m.8 views

CVE-2019-17523

An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp...

5.4CVSS6.3AI score0.00633EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:9 a.m.5 views

CVE-2017-11178

In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked...

7.5CVSS7.7AI score0.00529EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:31 a.m.6 views

CVE-2012-4873

Cross-site scripting XSS vulnerability in the filedownload function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

4.3CVSS5.9AI score0.01631EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:41 a.m.9 views

CVE-2013-1085

Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter...

9.3CVSS8.5AI score0.05591EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:27 a.m.6 views

CVE-2014-2864

Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences...

10CVSS7.3AI score0.05058EPSS
Exploits0References1
OSV
OSV
added 2025/05/20 9:15 p.m.3 views

CVE-2025-5000

A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function controlpanelsw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command...

9.8CVSS5.6AI score0.08686EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/05/18 12:0 a.m.1 views

CoinExchange_CryptoExchange_Java 路径遍历漏洞

CoinExchangeCryptoExchangeJava is a Java open source cryptocurrency exchange platform for individual developers of open source digital currency exchanges. A path traversal vulnerability exists in CoinExchangeCryptoExchangeJava, which stems from incorrect manipulation of the parameter filename in...

6.5CVSS6.5AI score0.00373EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/05/18 12:0 a.m.2 views

ecommerce-spring-reactjs 路径遍历漏洞

ecommerce-spring-reactjs is an e-commerce webstore by the individual developer Miroslav Khotinskiy. A path traversal vulnerability exists in ecommerce-spring-reactjs, which stems from incorrect manipulation of the parameter filename in the component File Upload Endpoint resulting in path traversa...

6.5CVSS6.5AI score0.00373EPSS
Exploits0References6
CNVD
CNVD
added 2025/05/07 12:0 a.m.2 views

Prison Management System Stack Buffer Overflow Vulnerability

Prison Management System is a prison management system. Prison Management System suffers from a stack buffer overflow vulnerability that originates from the parameter filename of the addrecord function in the PrisonMgmtSys component that fails to properly validate the length of the input data,...

7.8CVSS5.7AI score0.00288EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/05/05 1:24 a.m.8 views

libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header

A flaw was found in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

7.5CVSS7.3AI score0.00694EPSS
Exploits0References5
OSV
OSV
added 2025/05/01 5:15 p.m.5 views

CVE-2025-44844

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.5CVSS6.1AI score0.00903EPSS
Exploits1References1
OSV
OSV
added 2025/05/01 2:15 p.m.4 views

CVE-2025-44854

TOTOLINK CP900 V6.3c.1144B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.3CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 2025/05/01 12:0 a.m.11 views

CVE-2025-44854

TOTOLINK CP900 V6.3c.1144B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

0.00884EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/01 12:0 a.m.7 views

CVE-2025-44838

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

8.8AI score0.00884EPSS
Exploits1References1
Rows per page
Query Builder