949 matches found
PT-2025-1807 · WordPress · System Dashboard
Name of the Vulnerable Software and Affected Versions: System Dashboard plugin for WordPress versions up to, and including, 2.8.15 Description: The issue is related to Reflected Cross-Site Scripting via the Filename parameter due to insufficient input sanitization and output escaping. This allows...
SourceCodester Online Courseware 代码注入漏洞
SourceCodester Online Courseware is a Sourcecodester open source online courseware system. A code injection vulnerability exists in SourceCodester Online Courseware version 1.0, which stems from an incorrect manipulation of the parameter fname that can lead to cross-site scripting attacks...
Viwis LMS 代码注入漏洞
Viwis LMS is a Learning Management System from Viwis Corporation, USA. A code injection vulnerability exists in Viwis LMS version 9.11, which stems from a cross-site scripting attack caused by manipulation of the filename parameter in the file upload component...
CVE-2024-54919
A Stored Cross Site Scripting XSS was found in /teacheravatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter...
PT-2024-36436 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0 Description: A Stored Cross Site Scripting XSS issue was found in the /teacher avatar.php file. This allows remote attackers to execute arbitrary JavaScript via the filename parameter...
Kashipara E-learning Management System 安全漏洞
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary Java script via the filename parameter...
VulnCheck KEV: CVE-2024-39914
FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34...
CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...
Mobile Security Framework 安全漏洞
Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...
CVE-2024-50054
The CVE-2024-50054 issue affects mySCADA myPRO Manager (myPRO component) where the back-end does not properly validate the user-controlled filename parameter, enabling a path traversal attack to retrieve arbitrary files from the file system. Documents from CISA/ICS indicate an OS command injectio...
PT-2024-33891 · Myscada · Myscada Mypro Manager
Name of the Vulnerable Software and Affected Versions: mySCADA myPRO Manager affected versions not specified Description: The issue arises from insufficient verification of the user-controlled filename parameter by the back-end, allowing an attacker to perform a path traversal attack. This enable...
PT-2024-16594 · WordPress · Sirv
Name of the Vulnerable Software and Affected Versions: The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress versions up to, and including, 7.3.0 Description: The issue is related to insufficient validation on the filename parameter of the sirv upload file by chunks function, allowing...
CVE-2024-27524
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the newticket.php component...
PT-2024-21932 · Unknown · Chamilo Lms
Name of the Vulnerable Software and Affected Versions: Chamilo LMS version 1.11.26 Description: A Cross Site Scripting issue allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. Recommendations: For Chamilo LMS version 1.11.26,...
Chamilo LMS 安全漏洞
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...
PT-2024-21931 · Unknown · Chamilo Lms
Name of the Vulnerable Software and Affected Versions: Chamilo LMS version 1.11.26 Description: A Cross Site Scripting issue allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the "new ticket.php" component. This could potentially lead to data theft ...
Automatic Systems SlimLane 安全漏洞
Automatic Systems SlimLane is a high-performance electronic inspection system based on a high-density infrared beam matrix from Automatic Systems. A security vulnerability exists in Automatic Systems SlimLane that stems from an information disclosure issue contained in the Racine and FileName...
PT-2024-33242 · Automatic Systems Maintenance · Slimlane
Name of the Vulnerable Software and Affected Versions: Automatic Systems Maintenance SlimLane affected versions not specified Description: An issue in Automatic Systems Maintenance SlimLane allows a remote attacker to obtain sensitive information via the Racine and FileName parameters in the...
VulnCheck KEV: CVE-2015-4074
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task...
VulnCheck KEV: CVE-2012-4940
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. dot dot in 1 the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName...