951 matches found
Collabora Online Security Breach
Collabora Online is an application from Collabora UK. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. Collabora Online suffers from a security vulnerability. An attacker can exploit the vulnerability to obtain the path to a...
ZKTeco ZKBio Media Security Breach
ZKTeco ZKBio Media is a digital signage platform that integrates video playback, pictures, audio and other multimedia information from ZKTeco China, providing information distribution solutions based on "visual presentation". A security vulnerability exists in ZKTeco ZKBio Media version...
CVE-2023-49959
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...
Command injection
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...
CVE-2023-49960
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint...
PT-2024-13842 · Indo Sol · Indo-Sol Profinet-Inspektor Nt
Name of the Vulnerable Software and Affected Versions: Indo-Sol PROFINET-INspektor NT versions 2.4.0 and earlier Description: A path traversal issue in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the...
Novel-Plus 代码问题漏洞
Novel-Plus is a multi-end PC, WAP reading, fully functional novel CMS system. Novel-Plus com.java2nb.common.controller.FileController: upload processing fieName parameter there is an arbitrary file upload vulnerability, a remote attacker can use the vulnerability to submit a special request, you...
PT-2024-20241 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: An arbitrary file download issue exists, allowing an attacker to download files by passing specially crafted filePath and fileName parameters to the fileDownload function in the...
GHSA-GFQF-9W98-7JMX Stimulsoft Dashboard.JS directory traversal vulnerability
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...
CVE-2024-24398
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...
Stimulsoft GmbH Stimulsoft Dashboard.JS security vulnerability
Stimulsoft GmbH Stimulsoft Dashboard.JS is a powerful dashboard development tool from Stimulsoft. A security vulnerability exists in Stimulsoft GmbH Stimulsoft Dashboard.JS versions prior to v.2024.1.2. An attacker can exploit this vulnerability to execute arbitrary code via a specially crafted...
Fedora 38 : rubygem-httparty (2024-a5aad4eede)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a5aad4eede advisory. Fix CVE-2024-22049 httparty: multipart/form-data request vulnerable to tampering Tenable has extracted the preceding description block directly from...
TOTOLINK LR1200GB setUploadSetting Function OS Command Injection Vulnerability
The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from an operating system command...
TOTOLINK LR1200GB UploadFirmwareFile Function Command Injection Vulnerability
The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from a command injection vulnerabili...
TOTOLINK LR1200GB 命令注入漏洞
The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from a command injection vulnerabili...
TOTOLINK N200RE 操作系统命令注入漏洞
The TOTOLINK N200RE is a wireless broadband router for small office or home SOHO environments. The TOTOLINK N200RE suffers from a command injection vulnerability that stems from a failure to properly filter the FileName parameter of the UploadFirmwareFile function on the /cgi-bin/cstecgi.cgi page...
PT-2024-1056 · Totolink · Totolink Lr1200Gb
Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: The issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi, where the manipulation of the FileName argument leads to command injection. This can be exploited...
PT-2024-1058 · Totolink · Totolink Lr1200Gb
Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical vulnerability was found in the Totolink LR1200GB router's software. The issue affects the setUploadSetting function of the /cgi-bin/cstecgi.cgi file. The manipulation of...
CVE-2022-41760
An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files...
CVE-2022-41760
An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files...