Lucene search
K

949 matches found

Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.4 views

PT-2025-1807 · WordPress · System Dashboard

Name of the Vulnerable Software and Affected Versions: System Dashboard plugin for WordPress versions up to, and including, 2.8.15 Description: The issue is related to Reflected Cross-Site Scripting via the Filename parameter due to insufficient input sanitization and output escaping. This allows...

6.1CVSS8.7AI score0.00385EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/01/29 12:0 a.m.4 views

SourceCodester Online Courseware 代码注入漏洞

SourceCodester Online Courseware is a Sourcecodester open source online courseware system. A code injection vulnerability exists in SourceCodester Online Courseware version 1.0, which stems from an incorrect manipulation of the parameter fname that can lead to cross-site scripting attacks...

5.1CVSS4.2AI score0.00411EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/01/08 12:0 a.m.3 views

Viwis LMS 代码注入漏洞

Viwis LMS is a Learning Management System from Viwis Corporation, USA. A code injection vulnerability exists in Viwis LMS version 9.11, which stems from a cross-site scripting attack caused by manipulation of the filename parameter in the file upload component...

6.9CVSS5AI score0.00401EPSS
Exploits0References3
OSV
OSV
added 2024/12/09 3:15 p.m.2 views

CVE-2024-54919

A Stored Cross Site Scripting XSS was found in /teacheravatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter...

5.4CVSS6AI score0.003EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.6 views

PT-2024-36436 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0 Description: A Stored Cross Site Scripting XSS issue was found in the /teacher avatar.php file. This allows remote attackers to execute arbitrary JavaScript via the filename parameter...

5.4CVSS6.5AI score0.003EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.4 views

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary Java script via the filename parameter...

5.4CVSS7.3AI score0.003EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/05 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-39914

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34...

9.8CVSS5.8AI score0.23414EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/12/03 3:39 p.m.21 views

CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1CVSS0.00508EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/12/03 12:0 a.m.5 views

Mobile Security Framework 安全漏洞

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

8.1CVSS6.6AI score0.00508EPSS
Exploits1References2
CVE
CVE
added 2024/11/22 10:22 p.m.49 views

CVE-2024-50054

The CVE-2024-50054 issue affects mySCADA myPRO Manager (myPRO component) where the back-end does not properly validate the user-controlled filename parameter, enabling a path traversal attack to retrieve arbitrary files from the file system. Documents from CISA/ICS indicate an OS command injectio...

8.7CVSS7.5AI score0.00684EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.5 views

PT-2024-33891 · Myscada · Myscada Mypro Manager

Name of the Vulnerable Software and Affected Versions: mySCADA myPRO Manager affected versions not specified Description: The issue arises from insufficient verification of the user-controlled filename parameter by the back-end, allowing an attacker to perform a path traversal attack. This enable...

8.7CVSS7AI score0.00684EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.4 views

PT-2024-16594 · WordPress · Sirv

Name of the Vulnerable Software and Affected Versions: The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress versions up to, and including, 7.3.0 Description: The issue is related to insufficient validation on the filename parameter of the sirv upload file by chunks function, allowing...

8.1CVSS9.3AI score0.00517EPSS
Exploits0References9
NVD
NVD
added 2024/11/01 3:15 p.m.8 views

CVE-2024-27524

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the newticket.php component...

7.1CVSS0.00699EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.3 views

PT-2024-21932 · Unknown · Chamilo Lms

Name of the Vulnerable Software and Affected Versions: Chamilo LMS version 1.11.26 Description: A Cross Site Scripting issue allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. Recommendations: For Chamilo LMS version 1.11.26,...

7.1CVSS6.4AI score0.00699EPSS
Exploits2References7
CNNVD
CNNVD
added 2024/11/01 12:0 a.m.4 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...

7.1CVSS6AI score0.00699EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.4 views

PT-2024-21931 · Unknown · Chamilo Lms

Name of the Vulnerable Software and Affected Versions: Chamilo LMS version 1.11.26 Description: A Cross Site Scripting issue allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the "new ticket.php" component. This could potentially lead to data theft ...

7.1CVSS6.7AI score0.00699EPSS
Exploits1References8
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.5 views

Automatic Systems SlimLane 安全漏洞

Automatic Systems SlimLane is a high-performance electronic inspection system based on a high-density infrared beam matrix from Automatic Systems. A security vulnerability exists in Automatic Systems SlimLane that stems from an information disclosure issue contained in the Racine and FileName...

7.5CVSS6.3AI score0.00463EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/14 12:0 a.m.8 views

PT-2024-33242 · Automatic Systems Maintenance · Slimlane

Name of the Vulnerable Software and Affected Versions: Automatic Systems Maintenance SlimLane affected versions not specified Description: An issue in Automatic Systems Maintenance SlimLane allows a remote attacker to obtain sensitive information via the Racine and FileName parameters in the...

7.5CVSS6.7AI score0.00463EPSS
Exploits0References8
VulnCheck KEV
VulnCheck KEV
added 2024/09/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-4074

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task...

7.5CVSS5.9AI score0.5651EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2012-4940

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. dot dot in 1 the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName...

6.4CVSS5.9AI score0.83632EPSS
Exploits3References1
Rows per page
Query Builder