951 matches found

Vulnrichment
added 2023/10/24 12:00 a.m., 20 views

CVE-2023-46574

An issue in TOTOLINK A3700R v.9.1.2u.616520211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function...

AI score 8.1, EPSS 0.65412
Exploits 2, References 1
Github Security Blog
added 2023/10/18 6:21 p.m., 24 views

Arduino Create Agent path traversal - local privilege escalation vulnerability

Impact: The vulnerability affects the endpoint /upload, which handles requests with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduin...

CVSS 7.8, AI score 7.6, EPSS 0.00354
Exploits 0, References 5, Affected Software 1
Positive Technologies
added 2023/10/18 12:00 a.m., 3 views

PT-2023-28995 · Arduino · Arduino Create Agent

Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3. Description: The issue affects the endpoint "/upload" which handles requests with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able ...

CVSS 7.8, AI score 7.5, EPSS 0.00354
Exploits 0, References 11
Positive Technologies
added 2023/09/29 12:00 a.m., 8 views

PT-2023-31983 · Openrapid · Openrapid Rapidcms

Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS version 1.3.1. Description: A critical vulnerability has been found in OpenRapid RapidCMS, affecting the isImg function of the file /admin/config/uploadicon.php. The manipulation of the fileName argument leads to unrestricte...

CVSS 8.8, AI score 6.5, EPSS 0.00639
Exploits 1, References 9
Huntr
added 2023/09/13 9:58 p.m., 17 views

Improper input validation leads to arbitrary file deletion

Description: The /process endpoint of the Python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename: @api.route("/process", methods=["POST"]) def processfile(): content = request.json; targetfilename = content.get("filename"); print(f"Processing...

AI score 6.8, EPSS 0.0073
Exploits 1
Positive Technologies
added 2023/08/25 12:00 a.m., 4 views

PT-2023-8890

Name of the Vulnerable Software and Affected Versions: Ray, affected versions not specified. Description: The issue is related to incorrect restriction of a directory path with limited access in the Ray framework for scaling AI and Python applications. This can be exploited by a remote attacker to re...

CVSS 7.8, AI score 7.5, EPSS 0.37076
Exploits 1, References 21
OSV
added 2023/07/24 2:15 p.m., 3 views

CVE-2022-28865

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...

CVSS 5.4, AI score 5.8, EPSS 0.00389
Exploits 1, References 2
ATTACKERKB
added 2023/07/24 2:15 p.m., 3 views

CVE-2022-28865

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...

CVSS 5.4, AI score 6.1, EPSS 0.00389
Exploits 1, References 3
Positive Technologies
added 2023/07/24 12:00 a.m., 5 views

PT-2023-12955 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22. Description: An issue was discovered in the Site Configuration Tool website section, where a malicious user can change the filename of an uploaded file to include JavaScript code. This code is then stored and executed ...

CVSS 5.4, AI score 5.4, EPSS 0.00389
Exploits 1, References 5
VulnCheck KEV
added 2023/07/18 12:00 a.m., 3 views

VulnCheck KEV: CVE-2023-26255

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system...

CVSS 7.5, AI score 7, EPSS 0.47907
Exploits 5, References 1
CNNVD
added 2023/07/11 12:00 a.m., 3 views

Gin-Gonic Gin security vulnerability

Gin-Gonic Gin is a Go-based framework from the Gin-Gonic team for rapidly building web applications. A security vulnerability exists in Gin-Gonic Gin, which stems from the filename parameter of the Context.FileAttachment function not being sanitized correctly...

CVSS 6.5, AI score 7.2, EPSS 0.0125
Exploits 0, References 9
OSV
added 2023/07/07 2:15 p.m., 2 views

CVE-2023-37146

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

CVSS 9.8, AI score 5.8, EPSS 0.01674
Exploits 1, References 1
OSV
added 2023/07/07 2:15 p.m., 4 views

CVE-2023-37149

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

CVSS 9.8, AI score 5.8, EPSS 0.01674
Exploits 1, References 1
ATTACKERKB
added 2023/07/07 2:15 p.m., 4 views

CVE-2023-37149

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

CVSS 9.8, AI score 7.4, EPSS 0.01674
Exploits 1, References 2
NVD
added 2023/07/07 2:15 p.m., 28 views

CVE-2023-37149

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

CVSS 9.8, AI score 9.8, EPSS 0.01674
Exploits 1, References 1
NVD
added 2023/07/07 2:15 p.m., 19 views

CVE-2023-37146

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

CVSS 9.8, AI score 9.8, EPSS 0.01674
Exploits 1, References 1
ATTACKERKB
added 2023/07/07 2:15 p.m., 3 views

CVE-2023-37146

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

CVSS 9.8, AI score 7.4, EPSS 0.01674
Exploits 1, References 2
Prion
added 2023/07/07 2:15 p.m., 22 views

Command injection

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

CVSS 7.5, AI score 9.8, EPSS 0.01674
Exploits 1, References 1, Affected Software 1
Prion
added 2023/07/07 2:15 p.m., 21 views

Command injection

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

CVSS 7.5, AI score 9.8, EPSS 0.01674
Exploits 1, References 1, Affected Software 1
Vulnrichment
added 2023/07/07 12:00 a.m., 15 views

CVE-2023-37146

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

AI score 8, EPSS 0.01674
Exploits 1, References 1