Lucene search
K

950 matches found

Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.3 views

PT-2024-25744 · Totolink · Totolink Outdoor Cpe Cp450

Name of the Vulnerable Software and Affected Versions: TOTOLINK outdoor CPE CP450 version 4.1.0cu.747 B20191224 Description: A command injection issue was found in the CloudACMunualUpdate function, specifically via the FileName parameter. Recommendations: For version 4.1.0cu.747 B20191224, as a...

7.5CVSS7.6AI score0.01201EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.3 views

PT-2024-25739 · Totolink · Totolink Outdoor Cpe Cp450

Name of the Vulnerable Software and Affected Versions: TOTOLINK outdoor CPE CP450 version 4.1.0cu.747 B20191224 Description: A command injection issue was found in the setUpgradeFW function via the FileName parameter. Recommendations: For version 4.1.0cu.747 B20191224, consider restricting access...

10CVSS7.8AI score0.019EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/05/08 12:0 a.m.13 views

CVE-2024-25525

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx...

8.3AI score0.00629EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/05/08 12:0 a.m.4 views

PT-2024-20986 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the filename parameter at the "/WorkFlow/OfficeFileDownload.aspx" API endpoint. Recommendations: For versions 6.01 through 12.01, consider restricting...

9.8CVSS7.5AI score0.00629EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/05/08 12:0 a.m.9 views

RuvarOA 安全漏洞

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the filename parameter of the /WorkFlow/OfficeFileDownload.aspx file against external SQL input. An attacker can exploit this...

9.8CVSS8.3AI score0.00629EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.3 views

CHAOS 安全漏洞

github Chaos is a software application. Visualize the connection between Chaos Theory and Fractals via Logical Mapping;. A security vulnerability exists in CHAOS. A remote attacker can exploit this vulnerability to execute arbitrary code by insecurely concatenating the "filename" parameter to the...

9.8CVSS9.3AI score0.01365EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/05/02 12:0 a.m.5 views

The vulnerability of the ftext() function in the upload_firmware.cgi script of the D-Link DIR-822+ wireless router’s microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the ftext function in the uploadfirmware.cgi script of the D-Link DIR-822+ wireless router microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s command for processing the UPLOADFILENAME parameter...

10CVSS5.9AI score0.19893EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/29 12:0 a.m.5 views

PT-2024-24613 · Znuny +1 · Znuny +1

Name of the Vulnerable Software and Affected Versions: Znuny versions 6.0.31 through 6.5.7 Znuny versions 7.0.1 through 7.0.16 Description: An issue allows a logged-in user to upload a file to an arbitrary writable location by traversing paths via a manipulated AJAX request. If this location is...

9.8CVSS7.8AI score0.00719EPSS
Exploits0References14
NVD
NVD
added 2024/04/08 1:15 p.m.10 views

CVE-2024-31809

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the FileName parameter in the setUpgradeFW function...

8.8CVSS7.9AI score0.00979EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/04/08 12:0 a.m.11 views

CVE-2024-31809

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the FileName parameter in the setUpgradeFW function...

8.5AI score0.00979EPSS
Exploits1References1
OSV
OSV
added 2024/04/05 8:15 a.m.2 views

CVE-2024-30849

Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/productsphoto.php...

9.8CVSS6.1AI score0.01116EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/04/03 12:0 a.m.6 views

The vulnerability of the AI application scaling framework and Python Ray, related to an incorrect path name limitation for the restricted access catalog, allows attackers to read arbitrary files.

The vulnerability of the AI application scaling framework and Python Ray is related to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files using the “filename” parameter...

7.8CVSS7.1AI score0.37076EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/03 12:0 a.m.5 views

PT-2024-24217 · Totolink · Totolink Ex200

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: A remote code execution issue was discovered, allowing exploitation via the FileName parameter in the setUpgradeFW function. This enables unauthorized code execution, potentially leadi...

8.8CVSS8AI score0.00979EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/04/01 12:0 a.m.5 views

NUUO NVRmini 路径遍历漏洞

NUUO NVRmini is a standalone Linux-based IP camera surveillance solution from NUUO. A path traversal vulnerability exists in NUUO NVRmini versions 2.x through 3.0.8, which stems from the fact that incorrect manipulation of the parameter filename can lead to path traversal...

6.5CVSS6.8AI score0.00794EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.5 views

NUUO Camera 安全漏洞

NUUO Camera is a series of webcams. A security vulnerability exists in NUUO Camera 20240319 and earlier versions, which stems from a Denial of Service DOS vulnerability in the parameter filename of the file /deletefile.php...

5.5CVSS5.5AI score0.00589EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.3 views

PT-2024-23164 · Nuuo · Nuuo Camera

Name of the Vulnerable Software and Affected Versions: NUUO Camera up to 20240319 Description: A vulnerability was found in the processing of the file /deletefile.php, where the manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit has...

5.5CVSS7AI score0.00589EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/03/22 12:0 a.m.3 views

Desdev DedeCMS 跨站请求伪造漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. Desdev DedeCMS 5.7 version of the...

5CVSS5AI score0.0039EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/03/17 12:0 a.m.4 views

PandaX Security Vulnerability

PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX version 20240310 and earlier versions, which stems from an incorrect operation of the parameter fileName that can lead to path travers...

9.8CVSS6.8AI score0.0085EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/17 12:0 a.m.4 views

PT-2024-21049 · Unknown · Pandaxgo Pandax

Name of the Vulnerable Software and Affected Versions: PandaXGO PandaX up to 20240310 Description: A critical issue has been identified, affecting the DeleteImage function in the /apps/system/router/upload.go file. The vulnerability can be exploited by manipulating the fileName argument with a...

9.8CVSS5.7AI score0.0085EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/03/17 12:0 a.m.4 views

PandaX Security Vulnerability

PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX version 20240310 and earlier versions, which stems from the incorrect manipulation of the parameter filename can lead to path traversa...

7.3CVSS6.7AI score0.00507EPSS
Exploits0References4
Rows per page
Query Builder