950 matches found
PT-2024-25744 · Totolink · Totolink Outdoor Cpe Cp450
Name of the Vulnerable Software and Affected Versions: TOTOLINK outdoor CPE CP450 version 4.1.0cu.747 B20191224 Description: A command injection issue was found in the CloudACMunualUpdate function, specifically via the FileName parameter. Recommendations: For version 4.1.0cu.747 B20191224, as a...
PT-2024-25739 · Totolink · Totolink Outdoor Cpe Cp450
Name of the Vulnerable Software and Affected Versions: TOTOLINK outdoor CPE CP450 version 4.1.0cu.747 B20191224 Description: A command injection issue was found in the setUpgradeFW function via the FileName parameter. Recommendations: For version 4.1.0cu.747 B20191224, consider restricting access...
CVE-2024-25525
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx...
PT-2024-20986 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the filename parameter at the "/WorkFlow/OfficeFileDownload.aspx" API endpoint. Recommendations: For versions 6.01 through 12.01, consider restricting...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the filename parameter of the /WorkFlow/OfficeFileDownload.aspx file against external SQL input. An attacker can exploit this...
CHAOS 安全漏洞
github Chaos is a software application. Visualize the connection between Chaos Theory and Fractals via Logical Mapping;. A security vulnerability exists in CHAOS. A remote attacker can exploit this vulnerability to execute arbitrary code by insecurely concatenating the "filename" parameter to the...
The vulnerability of the ftext() function in the upload_firmware.cgi script of the D-Link DIR-822+ wireless router’s microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the ftext function in the uploadfirmware.cgi script of the D-Link DIR-822+ wireless router microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s command for processing the UPLOADFILENAME parameter...
PT-2024-24613 · Znuny +1 · Znuny +1
Name of the Vulnerable Software and Affected Versions: Znuny versions 6.0.31 through 6.5.7 Znuny versions 7.0.1 through 7.0.16 Description: An issue allows a logged-in user to upload a file to an arbitrary writable location by traversing paths via a manipulated AJAX request. If this location is...
CVE-2024-31809
TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the FileName parameter in the setUpgradeFW function...
CVE-2024-31809
TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the FileName parameter in the setUpgradeFW function...
CVE-2024-30849
Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/productsphoto.php...
The vulnerability of the AI application scaling framework and Python Ray, related to an incorrect path name limitation for the restricted access catalog, allows attackers to read arbitrary files.
The vulnerability of the AI application scaling framework and Python Ray is related to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files using the “filename” parameter...
PT-2024-24217 · Totolink · Totolink Ex200
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: A remote code execution issue was discovered, allowing exploitation via the FileName parameter in the setUpgradeFW function. This enables unauthorized code execution, potentially leadi...
NUUO NVRmini 路径遍历漏洞
NUUO NVRmini is a standalone Linux-based IP camera surveillance solution from NUUO. A path traversal vulnerability exists in NUUO NVRmini versions 2.x through 3.0.8, which stems from the fact that incorrect manipulation of the parameter filename can lead to path traversal...
NUUO Camera 安全漏洞
NUUO Camera is a series of webcams. A security vulnerability exists in NUUO Camera 20240319 and earlier versions, which stems from a Denial of Service DOS vulnerability in the parameter filename of the file /deletefile.php...
PT-2024-23164 · Nuuo · Nuuo Camera
Name of the Vulnerable Software and Affected Versions: NUUO Camera up to 20240319 Description: A vulnerability was found in the processing of the file /deletefile.php, where the manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit has...
Desdev DedeCMS 跨站请求伪造漏洞
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. Desdev DedeCMS 5.7 version of the...
PandaX Security Vulnerability
PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX version 20240310 and earlier versions, which stems from an incorrect operation of the parameter fileName that can lead to path travers...
PT-2024-21049 · Unknown · Pandaxgo Pandax
Name of the Vulnerable Software and Affected Versions: PandaXGO PandaX up to 20240310 Description: A critical issue has been identified, affecting the DeleteImage function in the /apps/system/router/upload.go file. The vulnerability can be exploited by manipulating the fileName argument with a...
PandaX Security Vulnerability
PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX version 20240310 and earlier versions, which stems from the incorrect manipulation of the parameter filename can lead to path traversa...