25 matches found
XAgent Path Traversal Vulnerability
XAgent is an open-source, experimental large language model-driven autonomous agent developed by OpenBMB. Version XAgent 1.0.0 contains a path traversal vulnerability, which stems from incorrect handling of the filename parameter in the workspace.py function of the XAgentServer/application/router...
EUVD-2009-2371
Malware in sbrugna...
EUVD-2017-3088
Malware in sbrugna...
EUVD-2023-51134
Malicious code in bioql PyPI...
EUVD-2021-28609
Malicious code in bioql PyPI...
CVE-2025-52053
TOTOLINK X6000R V9.4.0cu.1360B20241207 was found to contain a command injection vulnerability in the sub417D74 function via the filename parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request...
CVE-2024-45894
BlueCMS 1.6 suffers from Arbitrary File Deletion via the filename parameter in an /admin/database.php?act=del request...
Wangshen SecGate Path Traversal Vulnerability
Wangshen SecGate is a series of gigabit firewalls from China's Wangshen. A path traversal vulnerability exists in Wangshen SecGate 3600, which stems from improper handling of the parameter filename in the file ?g=logexportfile, which could lead to a path traversal attack...
BlueCMS Security Vulnerability
BlueCMS is a content management system (CMS) based on PHP and MySQL. A security vulnerability exists in BlueCMS version 1.6, which originates from arbitrary file deletion via the filename parameter in the /admin/database.php?act=del request...
CVE-2024-0416
The CVE-2024-0416 entry concerns DeShang DSMall (up to v5.0.3). The vulnerability lies in file application/home/controller/MemberAuth.php, where manipulating the file_name argument triggers a path traversal (../filedir). This is a remote issue and the exploit has public disclosure. Impact is tied...
Command injection
TOTOLINK A3300R 17.0.0cu.557B20221024 contains a command injection via the filename parameter in the UploadFirmwareFile function...
CVE-2023-46976
CVE-2023-46976 affects TOTOLINK A3300R (version 17.0.0cu.557_B20221024). The vulnerability is a command injection in the UploadFirmwareFile function triggered via the file_name parameter, allowing arbitrary command execution with network access and no user interaction. The NVD entry lists a base ...
CVE-2023-46976
TOTOLINK A3300R 17.0.0cu.557B20221024 contains a command injection via the filename parameter in the UploadFirmwareFile function...
CVE-2023-23294
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the filename parameter to execute commands as root...
CVE-2022-3940
A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument filename leads to path traversal. The associated identifier of this vulnerability is VDB-213447...
Directory Traversal
libtar.so is vulnerable to directory traversal. Insecure sanitization of the filename parameter, aka POINTYFEATHER, allows a bypass of an intended protection mechanism, leading to writing of arbitrary files via vectors...
Directory traversal
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the filename parameter...