951 matches found

CNNVD
added 2024/03/11 12:00 a.m. · 5 views

Collabora Online Security Breach

Collabora Online is an application from Collabora UK: a powerful LibreOffice-based online office suite that supports all major document, spreadsheet and presentation file formats. Collabora Online suffers from a security vulnerability. An attacker can exploit the vulnerability to obtain the path to a...

CVSS 5.3 · AI score 6.7 · EPSS 0.00471
Exploits: 1 · References: 3

CNNVD
added 2024/03/08 12:00 a.m. · 3 views

ZKTeco ZKBio Media Security Breach

ZKTeco ZKBio Media is a digital signage platform from ZKTeco China that integrates video playback, pictures, audio and other multimedia information, providing information distribution solutions based on "visual presentation". A security vulnerability exists in ZKTeco ZKBio Media version...

CVSS 7.5 · AI score 6.6 · EPSS 0.00933
Exploits: 0 · References: 7

ATTACKERKB
added 2024/02/26 4:27 p.m. · 2 views

CVE-2023-49959

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...

CVSS 9.8 · AI score 6.2 · EPSS 0.01379
Exploits: 0 · References: 3

Prion
added 2024/02/26 4:27 p.m. · 14 views

Command injection

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...

AI score 8.4 · EPSS 0.01379
Exploits: 0 · References: 2

Cvelist
added 2024/02/26 12:00 a.m. · 13 views

CVE-2023-49960

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint...

AI score 7.1 · EPSS 0.00664
Exploits: 0 · References: 2

Positive Technologies
added 2024/02/26 12:00 a.m. · 4 views

PT-2024-13842 · Indo Sol · Indo-Sol Profinet-Inspektor Nt

Name of the Vulnerable Software and Affected Versions: Indo-Sol PROFINET-INspektor NT versions 2.4.0 and earlier
Description: A path traversal issue in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the...

CVSS 7.5 · AI score 7.6 · EPSS 0.00664
Exploits: 0 · References: 4

CNNVD
added 2024/02/08 12:00 a.m. · 5 views

Novel-Plus Code Issue Vulnerability

Novel-Plus is a fully functional novel CMS system with multi-client (PC, WAP) reading. An arbitrary file upload vulnerability exists in the upload processing of the fieName parameter in Novel-Plus com.java2nb.common.controller.FileController; a remote attacker can use the vulnerability to submit a special request, you...

CVSS 9.8 · AI score 7.6 · EPSS 0.00654
Exploits: 0 · References: 3

Positive Technologies
added 2024/02/07 12:00 a.m. · 4 views

PT-2024-20241 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior
Description: An arbitrary file download issue exists, allowing an attacker to download files by passing specially crafted filePath and fileName parameters to the fileDownload function in the...

CVSS 9.8 · AI score 7 · EPSS 0.00654
Exploits: 0 · References: 6

OSV
added 2024/02/06 12:30 a.m. · 14 views

GHSA-GFQF-9W98-7JMX Stimulsoft Dashboard.JS directory traversal vulnerability

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...

CVSS 9.1 · AI score 9.6 · EPSS 0.02319
Exploits: 1 · References: 5

NVD
added 2024/02/06 12:15 a.m. · 14 views

CVE-2024-24398

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...

CVSS 9.8 · AI score 9.5 · EPSS 0.02319
Exploits: 1 · References: 3

CNNVD
added 2024/02/05 12:00 a.m. · 4 views

Stimulsoft GmbH Stimulsoft Dashboard.JS security vulnerability

Stimulsoft GmbH Stimulsoft Dashboard.JS is a powerful dashboard development tool from Stimulsoft. A security vulnerability exists in Stimulsoft GmbH Stimulsoft Dashboard.JS versions prior to v.2024.1.2. An attacker can exploit this vulnerability to execute arbitrary code via a specially crafted...

CVSS 9.8 · AI score 7.6 · EPSS 0.02319
Exploits: 1 · References: 2

Tenable Nessus
added 2024/01/13 12:00 a.m. · 16 views

Fedora 38 : rubygem-httparty (2024-a5aad4eede)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a5aad4eede advisory. Fix CVE-2024-22049 httparty: multipart/form-data request vulnerable to tampering. Tenable has extracted the preceding description block directly from...

CVSS 5.3 · AI score 5.8 · EPSS 0.0129
Exploits: 1 · References: 2

CNVD
added 2024/01/11 12:00 a.m. · 2 views

TOTOLINK LR1200GB setUploadSetting Function OS Command Injection Vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from an operating system command...

CVSS 9.8 · AI score 7.6 · EPSS 0.04831
Exploits: 1 · References: 1

CNVD
added 2024/01/11 12:00 a.m. · 4 views

TOTOLINK LR1200GB UploadFirmwareFile Function Command Injection Vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from a command injection vulnerabili...

CVSS 8.8 · AI score 7.6 · EPSS 0.04407
Exploits: 1 · References: 1

CNNVD
added 2024/01/08 12:00 a.m. · 4 views

TOTOLINK LR1200GB Command Injection Vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from a command injection vulnerabili...

CVSS 8.8 · AI score 7.5 · EPSS 0.04407
Exploits: 1 · References: 4

CNNVD
added 2024/01/08 12:00 a.m. · 6 views

TOTOLINK N200RE Operating System Command Injection Vulnerability

The TOTOLINK N200RE is a wireless broadband router for small office or home SOHO environments. The TOTOLINK N200RE suffers from a command injection vulnerability that stems from a failure to properly filter the FileName parameter of the UploadFirmwareFile function on the /cgi-bin/cstecgi.cgi page...

CVSS 9.8 · AI score 7.6 · EPSS 0.03834
Exploits: 1 · References: 4

Positive Technologies
added 2024/01/07 12:00 a.m. · 6 views

PT-2024-1056 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130
Description: The issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi, where the manipulation of the FileName argument leads to command injection. This can be exploited...

CVSS 9 · AI score 7 · EPSS 0.04407
Exploits: 1 · References: 9

Positive Technologies
added 2024/01/07 12:00 a.m. · 5 views

PT-2024-1058 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130
Description: A critical vulnerability was found in the Totolink LR1200GB router's software. The issue affects the setUploadSetting function of the /cgi-bin/cstecgi.cgi file. The manipulation of...

CVSS 10 · AI score 7.4 · EPSS 0.04831
Exploits: 1 · References: 9

OSV
added 2023/12/25 6:15 a.m. · 3 views

CVE-2022-41760

An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files...

CVSS 6.5 · AI score 5.9 · EPSS 0.008
Exploits: 1 · References: 1

ATTACKERKB
added 2023/12/25 6:15 a.m. · 3 views

CVE-2022-41760

An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files...

CVSS 6.5 · AI score 6 · EPSS 0.008
Exploits: 1 · References: 2