Lucene search
+L

34 matches found

redhatcve
redhatcve
added 2025/05/22 4:57 p.m.6 views

CVE-2020-11702

An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

6.1CVSS6AI score0.00678EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2024/10/24 12:0 a.m.5 views

PT-2024-33279 · Zimaos · Zimaos

Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue concerns improper input validation in the ZimaOS API endpoint http:///v3/file?token=&files=, allowing authenticated users to read sensitive system files by manipulating the files...

7.5CVSS6.8AI score0.00702EPSS
Exploits1References5
cnnvd
cnnvd
added 2023/08/05 12:0 a.m.5 views

Chengdu Flash Flood Disaster Monitoring and Warning System Security Vulnerabilities

Chengdu Flash Flood Disaster Monitoring and Warning System is a flash flood disaster monitoring and warning system in Chengdu. A security vulnerability exists in Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0, which is caused by a path traversal due to an error in the...

5.3CVSS6.8AI score0.00941EPSS
Exploits1References4
cnnvd
cnnvd
added 2023/05/27 12:0 a.m.3 views

Supcon SimField 代码问题漏洞

Supcon SimField is an intelligent mobile device monitoring platform from Supcon China. A code issue vulnerability exists in versions of Supcon SimField prior to 1.80.00.00, which stems from a problem with the file /admin/reportupload.aspx, where manipulation of the parameter files can result in...

9.8CVSS5.8AI score0.24323EPSS
Exploits1References4
nvd
nvd
added 2021/10/11 11:15 a.m.20 views

CVE-2021-40887

Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...

10CVSS0.02294EPSS
Exploits1References1
prion
prion
added 2021/10/11 11:15 a.m.10 views

Directory traversal

Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...

10CVSS9.4AI score0.02294EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2021/10/11 12:0 a.m.4 views

ProjectSend 路径遍历漏洞

A directory traversal vulnerability exists in ProjectSend version r1295, a free, customer-facing private file sharing Web application. The vulnerability stems from a lack of validation of the input to the files parameter. An attacker could exploit the vulnerability by adding ... /upload/files/...

10CVSS8.4AI score0.02294EPSS
Exploits1References2
vulncheck_kev
vulncheck_kev
added 2020/06/03 12:0 a.m.6 views

VulnCheck KEV: CVE-2015-9406

Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. dot dot in the files parameter to css/css.php...

7.5CVSS7.3AI score0.55008EPSS
Exploits1References1
osv
osv
added 2020/04/12 3:15 a.m.4 views

CVE-2020-11702

An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

6.1CVSS5.8AI score0.00678EPSS
Exploits1References2
prion
prion
added 2020/04/12 3:15 a.m.17 views

Cross site scripting

An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

4.3CVSS5.9AI score0.00678EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2019/04/21 12:0 a.m.7 views

PT-2019-12307

Name of the Vulnerable Software and Affected Versions I, Librarian version 4.10 Description The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved through the export files parameter in the "export.php" API endpoint. Recommendations For I,...

6.1CVSS6.8AI score0.00869EPSS
Exploits1References4
osv
osv
added 2018/02/26 1:29 p.m.4 views

CVE-2018-7463

SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...

9.8CVSS6.1AI score0.01258EPSS
Exploits0References1
cnvd
cnvd
added 2017/02/16 12:0 a.m.3 views

Remote Command Execution Vulnerability in Mixcall Attendant Management Center files Parameter in Deephaven

Ltd. is a company that focuses on the research, development, manufacturing and sales of call centers and converged communication products. mixcall is one of the company's customer service systems. A remote command execution vulnerability exists in Deephaven's Mixcall agent management center. As t...

7.4AI score
Exploits0References1
prion
prion
added 2012/04/20 10:55 a.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4...

4.3CVSS5.9AI score0.02758EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder