34 matches found
CVE-2020-11702
An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...
PT-2024-33279 · Zimaos · Zimaos
Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue concerns improper input validation in the ZimaOS API endpoint http:///v3/file?token=&files=, allowing authenticated users to read sensitive system files by manipulating the files...
Chengdu Flash Flood Disaster Monitoring and Warning System Security Vulnerabilities
Chengdu Flash Flood Disaster Monitoring and Warning System is a flash flood disaster monitoring and warning system in Chengdu. A security vulnerability exists in Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0, which is caused by a path traversal due to an error in the...
Supcon SimField 代码问题漏洞
Supcon SimField is an intelligent mobile device monitoring platform from Supcon China. A code issue vulnerability exists in versions of Supcon SimField prior to 1.80.00.00, which stems from a problem with the file /admin/reportupload.aspx, where manipulation of the parameter files can result in...
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...
Directory traversal
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...
ProjectSend 路径遍历漏洞
A directory traversal vulnerability exists in ProjectSend version r1295, a free, customer-facing private file sharing Web application. The vulnerability stems from a lack of validation of the input to the files parameter. An attacker could exploit the vulnerability by adding ... /upload/files/...
VulnCheck KEV: CVE-2015-9406
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. dot dot in the files parameter to css/css.php...
CVE-2020-11702
An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...
Cross site scripting
An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...
PT-2019-12307
Name of the Vulnerable Software and Affected Versions I, Librarian version 4.10 Description The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved through the export files parameter in the "export.php" API endpoint. Recommendations For I,...
CVE-2018-7463
SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...
Remote Command Execution Vulnerability in Mixcall Attendant Management Center files Parameter in Deephaven
Ltd. is a company that focuses on the research, development, manufacturing and sales of call centers and converged communication products. mixcall is one of the company's customer service systems. A remote command execution vulnerability exists in Deephaven's Mixcall agent management center. As t...
Cross site scripting
Cross-site scripting XSS vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4...