Lucene search
K

949 matches found

Positive Technologies
Positive Technologies
added 2024/06/21 12:0 a.m.6 views

PT-2024-18928 · Opencart · Opencart

Name of the Vulnerable Software and Affected Versions: opencart/opencart version 4.0.0.0 Description: A reflected XSS issue was identified in the filename parameter of the "admin tool/log" route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. T...

4.7CVSS6.2AI score0.00366EPSS
Exploits1References11
CNNVD
CNNVD
added 2024/06/21 12:0 a.m.4 views

Tessi Docubase Document Management Security Vulnerability

Tessi Docubase Document Management is a document management and process automation software from Tessi. A security vulnerability exists in Tessi Docubase Document Management version 5.x. A remote attacker could exploit the vulnerability to execute arbitrary code via the filename parameter...

5.4CVSS7.7AI score0.00602EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/06/21 12:0 a.m.12 views

CVE-2024-37673

Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter...

7.3AI score0.00602EPSS
Exploits1References3
Snyk
Snyk
added 2024/06/17 2:2 p.m.4 views

Reflected Cross-site Scripting

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Reflected Cross-site Scripting. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to clic...

4.7CVSS4.8AI score0.00366EPSS
Exploits1References2
OSV
OSV
added 2024/05/28 5:15 p.m.2 views

CVE-2024-35401

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

5.9CVSS5.8AI score0.00688EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/28 12:0 a.m.3 views

TOTOLINK CP900L 安全漏洞

The TOTOLINK CP900L is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK CP900L suffers from a command injection vulnerability that stems from the FileName parameter of the UploadFirmwareFile function failing to correctly filter constructed command special characters, command...

5.9CVSS7.6AI score0.00688EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/28 12:0 a.m.3 views

PT-2024-26481 · Totolink · Totolink Cp900L

Name of the Vulnerable Software and Affected Versions: TOTOLINK CP900L version 4.1.5cu.798 B20221228 Description: A command injection issue was found via the FileName parameter in the UploadFirmwareFile function. This allows for potential exploitation. Recommendations: For TOTOLINK CP900L version...

5.9CVSS7.5AI score0.00688EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/05/24 9:47 p.m.25 views

CVE-2024-36079

An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with ...

6.4AI score0.00589EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/24 12:0 a.m.4 views

PT-2024-26887 · Vaultize · Vaultize

Name of the Vulnerable Software and Affected Versions: Vaultize version 21.07.27 Description: An issue was discovered in the software where there is no check that the filename parameter is correct when uploading files. As a result, a temporary file will be created outside the specified directory...

6.5CVSS6.8AI score0.00589EPSS
Exploits0References5
CVE
CVE
added 2024/05/23 5:2 p.m.90 views

CVE-2024-35081

LuckyFrameWeb v3.5.2 is affected by CVE-2024-35081: an arbitrary file deletion vulnerability exposed through the fileName parameter in the fileDownload method. The issue allows deletion of files and is described as a security vulnerability with high integrity impact (I: high) while confidentialit...

7.5CVSS7.4AI score0.00461EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/05/23 12:0 a.m.3 views

LuckyFrameWeb 安全漏洞

LuckyFrameWeb is an open source testing platform open source by LuckyFrameWeb. A security vulnerability exists in LuckyFrameWeb version v3.5.2, which originates from an arbitrary file deletion via the fileName parameter in the fileDownload method...

7.5CVSS6.9AI score0.00461EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.4 views

PT-2024-26310 · Unknown · Luckyframeweb

Name of the Vulnerable Software and Affected Versions: LuckyFrameWeb version 3.5.2 Description: The issue allows for arbitrary file deletion via the fileName parameter in the fileDownload method. Recommendations: For version 3.5.2, avoid using the fileName parameter in the fileDownload method unt...

7.5CVSS7.4AI score0.00461EPSS
Exploits0References4
CNVD
CNVD
added 2024/05/22 12:0 a.m.3 views

TOTOLINK CPE CP450 setUpgradeFW Method Command Injection Vulnerability

TOTOLINK CPE CP450 is an outdoor wireless client terminal device manufactured by China Gion Electronics TOTOLINK. The TOTOLINK CPE CP450 suffers from a command injection vulnerability that stems from the FileName parameter of the setUpgradeFW method failing to properly filter constructor command...

9.8CVSS7.9AI score0.019EPSS
Exploits1References1
OSV
OSV
added 2024/05/14 3:38 p.m.2 views

CVE-2024-34210

TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter...

7.3CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2024/05/14 3:38 p.m.3 views

CVE-2024-34204

TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter...

9.8CVSS5.8AI score0.019EPSS
Exploits1References1
NVD
NVD
added 2024/05/14 3:38 p.m.13 views

CVE-2024-34204

TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter...

9.8CVSS7.6AI score0.019EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.2 views

TOTOLINK CPE CP450 安全漏洞

TOTOLINK CPE CP450 is an outdoor wireless client terminal device from China Gion Electronics TOTOLINK, which is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. A security vulnerability exists in the TOTOLINK CPE CP450...

9.8CVSS7.5AI score0.019EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.3 views

Ruijie Networks RG-UAC 操作系统命令注入漏洞

Ruijie Networks RG-UAC is an Internet behavior management and auditing product from China's Ruijie Networks Ruijie Networks. It is used to solve Internet auditing problems. An operating system command injection vulnerability exists in Ruijie Networks RG-UAC 20240506 and earlier versions, which...

9.8CVSS6.9AI score0.06414EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/11 12:0 a.m.5 views

PT-2024-32876 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.114 Description: A problematic vulnerability has been found in DedeCMS, affecting the file /sys verifies.php?action=view. The manipulation of the filename argument with the input ../../../../../etc/passwd leads to path...

7.5CVSS7.1AI score0.01133EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.3 views

PT-2024-25744 · Totolink · Totolink Outdoor Cpe Cp450

Name of the Vulnerable Software and Affected Versions: TOTOLINK outdoor CPE CP450 version 4.1.0cu.747 B20191224 Description: A command injection issue was found in the CloudACMunualUpdate function, specifically via the FileName parameter. Recommendations: For version 4.1.0cu.747 B20191224, as a...

7.5CVSS7.6AI score0.01201EPSS
Exploits1References4
Rows per page
Query Builder