949 matches found
PT-2024-18928 · Opencart · Opencart
Name of the Vulnerable Software and Affected Versions: opencart/opencart version 4.0.0.0 Description: A reflected XSS issue was identified in the filename parameter of the "admin tool/log" route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. T...
Tessi Docubase Document Management Security Vulnerability
Tessi Docubase Document Management is a document management and process automation software from Tessi. A security vulnerability exists in Tessi Docubase Document Management version 5.x. A remote attacker could exploit the vulnerability to execute arbitrary code via the filename parameter...
CVE-2024-37673
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter...
Reflected Cross-site Scripting
Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Reflected Cross-site Scripting. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to clic...
CVE-2024-35401
TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...
TOTOLINK CP900L 安全漏洞
The TOTOLINK CP900L is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK CP900L suffers from a command injection vulnerability that stems from the FileName parameter of the UploadFirmwareFile function failing to correctly filter constructed command special characters, command...
PT-2024-26481 · Totolink · Totolink Cp900L
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP900L version 4.1.5cu.798 B20221228 Description: A command injection issue was found via the FileName parameter in the UploadFirmwareFile function. This allows for potential exploitation. Recommendations: For TOTOLINK CP900L version...
CVE-2024-36079
An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with ...
PT-2024-26887 · Vaultize · Vaultize
Name of the Vulnerable Software and Affected Versions: Vaultize version 21.07.27 Description: An issue was discovered in the software where there is no check that the filename parameter is correct when uploading files. As a result, a temporary file will be created outside the specified directory...
CVE-2024-35081
LuckyFrameWeb v3.5.2 is affected by CVE-2024-35081: an arbitrary file deletion vulnerability exposed through the fileName parameter in the fileDownload method. The issue allows deletion of files and is described as a security vulnerability with high integrity impact (I: high) while confidentialit...
LuckyFrameWeb 安全漏洞
LuckyFrameWeb is an open source testing platform open source by LuckyFrameWeb. A security vulnerability exists in LuckyFrameWeb version v3.5.2, which originates from an arbitrary file deletion via the fileName parameter in the fileDownload method...
PT-2024-26310 · Unknown · Luckyframeweb
Name of the Vulnerable Software and Affected Versions: LuckyFrameWeb version 3.5.2 Description: The issue allows for arbitrary file deletion via the fileName parameter in the fileDownload method. Recommendations: For version 3.5.2, avoid using the fileName parameter in the fileDownload method unt...
TOTOLINK CPE CP450 setUpgradeFW Method Command Injection Vulnerability
TOTOLINK CPE CP450 is an outdoor wireless client terminal device manufactured by China Gion Electronics TOTOLINK. The TOTOLINK CPE CP450 suffers from a command injection vulnerability that stems from the FileName parameter of the setUpgradeFW method failing to properly filter constructor command...
CVE-2024-34210
TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter...
CVE-2024-34204
TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter...
CVE-2024-34204
TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter...
TOTOLINK CPE CP450 安全漏洞
TOTOLINK CPE CP450 is an outdoor wireless client terminal device from China Gion Electronics TOTOLINK, which is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. A security vulnerability exists in the TOTOLINK CPE CP450...
Ruijie Networks RG-UAC 操作系统命令注入漏洞
Ruijie Networks RG-UAC is an Internet behavior management and auditing product from China's Ruijie Networks Ruijie Networks. It is used to solve Internet auditing problems. An operating system command injection vulnerability exists in Ruijie Networks RG-UAC 20240506 and earlier versions, which...
PT-2024-32876 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.114 Description: A problematic vulnerability has been found in DedeCMS, affecting the file /sys verifies.php?action=view. The manipulation of the filename argument with the input ../../../../../etc/passwd leads to path...
PT-2024-25744 · Totolink · Totolink Outdoor Cpe Cp450
Name of the Vulnerable Software and Affected Versions: TOTOLINK outdoor CPE CP450 version 4.1.0cu.747 B20191224 Description: A command injection issue was found in the CloudACMunualUpdate function, specifically via the FileName parameter. Recommendations: For version 4.1.0cu.747 B20191224, as a...