Lucene search

60 matches found

OSV
added 2025/07/15 4:15 p.m., 1 views

CVE-2025-52081

In Netgear XR300 V1.0.3.3810.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usbdevice.cgi endpoint. The vulnerability occurs when processing POST requests containing the usbfolder parameter...

CVSS 6.5, AI score 6.2
Exploits 0, References 1
RedhatCVE
added 2025/05/22 8:53 p.m., 2 views

CVE-2021-37449

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= reflected...

CVSS 5.4, AI score 6.1, EPSS 0.00185
Exploits 0, References 1
RedhatCVE
added 2025/05/21 8:10 p.m., 6 views

CVE-2007-3967

Directory traversal vulnerability in index.php in PHP Directory Lister dirLIST before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder parameter...

CVSS 7.5, AI score 7, EPSS 0.00298
Exploits 1, References 1
CNNVD
added 2024/12/14 12:0 a.m., 3 views

WordPress plugin Easy cache cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 4.4, AI score 8, EPSS 0.00216
Exploits 0, References 3
CNNVD
added 2024/11/15 12:0 a.m., 1 views

Landray EKP path traversal vulnerability

Landray EKP is an office automation solution from China's Landray Corporation that enables companies to easily model and manage their business. A path traversal vulnerability exists in Landray EKP V16.0 and earlier versions, which stems from the parameter folder in the file...

CVSS 5.5, AI score 5.5, EPSS 0.00259
Exploits 1, References 4
Positive Technologies
added 2024/10/11 12:0 a.m., 3 views

PT-2024-38022 · Unknown · Parisneo/Lollms-Webui +1

Name of the Vulnerable Software and Affected Versions:
parisneo/lollms-webui affected versions not specified
parisneo/lollms affected versions not specified
Description: A path traversal issue exists due to improper sanitization of the personality folder parameter in the "api open personality...

CVSS 6.9, AI score 4.9, EPSS 0.00053
Exploits 1, References 8
Positive Technologies
added 2024/09/18 12:0 a.m., 1 views

PT-2024-40173 · Unknown · Camaleon Cms

Name of the Vulnerable Software and Affected Versions:
Camaleon CMS affected versions not specified
Description: The issue concerns a path traversal vulnerability in the MediaController class. An attacker who has taken over an administrator account could potentially delete arbitrary files or...

CVSS 8.6, AI score 7
Exploits 0, References 5
CNNVD
added 2024/08/26 12:0 a.m., 2 views

SourceCodester Zipped Folder Manager App code issue vulnerability

SourceCodester Zipped Folder Manager App is an open source zipped folder manager application from SourceCodester. A code issue vulnerability exists in version 1.0 of the SourceCodester Zipped Folder Manager App that stems from improper handling of the parameter folder, resulting in unrestricted...

CVSS 9.8, AI score 5.1, EPSS 0.00104
Exploits 1, References 6
Positive Technologies
added 2024/01/19 12:0 a.m., 3 views

PT-2024-15775 · Unknown · Miczflor Rpi-Jukebox-Rfid

Name of the Vulnerable Software and Affected Versions:
MiczFlor RPi-Jukebox-RFID versions up to 2.5.0
Description: A critical issue affects some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc...

CVSS 9.8, AI score 7.1, EPSS 0.00964
Exploits 0, References 7
SUSE CVE
added 2023/02/15 6:16 a.m., 2 views

SUSE CVE-2005-3559

Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter...

CVSS 5, AI score 7, EPSS 0.05519
Exploits 1, References 3
Positive Technologies
added 2022/03/29 12:0 a.m., 2 views

PT-2022-18845 · Jenkins +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions:
Jenkins Continuous Integration with Toad Edge Plugin versions 2.3 and earlier
Description: The issue allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkin...

CVSS 6.5, AI score 6.2, EPSS 0.00836
Exploits 0, References 9
CNVD
added 2020/12/29 12:0 a.m., 2 views

Path Traversal Vulnerability in Joomla! (CNVD-2020-75069)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A path traversal vulnerability exists in Joomla! 2.5.0 - 3.9.22. The vulnerabilit...

CVSS 7.5, AI score 6.9, EPSS 0.00013
Exploits 0, References 1
OSV
added 2020/12/28 8:15 p.m., 13 views

CVE-2020-35612

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of modrandomimage lacked input validation, leading to a path traversal vulnerability...

CVSS 7.5, AI score 7
Exploits 0, References 1
NVD
added 2020/12/28 8:15 p.m., 10 views

CVE-2020-35612

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of modrandomimage lacked input validation, leading to a path traversal vulnerability...

CVSS 7.5, AI score 7.5, EPSS 0.00013
Exploits 0, References 1
Prion
added 2020/12/28 8:15 p.m., 18 views

Path traversal

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of modrandomimage lacked input validation, leading to a path traversal vulnerability...

CVSS 5, AI score 7.4, EPSS 0.00013
Exploits 0, References 1, Affected Software 1
Prion
added 2019/04/10 7:29 p.m., 14 views

Directory traversal

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory...

CVSS 7.5, AI score 9.2, EPSS 0.81095
Exploits 7, References 3, Affected Software 1
OSV
added 2018/12/04 5:29 p.m., 1 views

CVE-2018-12314

Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters...

CVSS 7.5, AI score 5.9, EPSS 0.00993
Exploits 1, References 1
Prion
added 2018/10/22 9:29 p.m., 13 views

Cross site scripting

Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter...

CVSS 4.3, AI score 6, EPSS 0.0024
Exploits 1, References 2, Affected Software 1
CVE
added 2018/10/22 9:0 p.m., 46 views

CVE-2018-18579

DedeCMS 5.7 SP2 is affected by a reflected XSS vulnerability in the /member/pm.php endpoint, exploitable via the folder parameter. The vulnerable component is DedeCMS’s web interface; input in the folder parameter can be reflected back to the user, enabling arbitrary script/HTML execution in a us...

CVSS 6.1, AI score 5.9, EPSS 0.0024
Exploits 1, References 2, Affected Software 1
OSV
added 2018/05/22 1:29 a.m., 2 views

CVE-2018-11342

A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the destfolder parameter...

CVSS 4.3, AI score 5.8
Exploits 0, References 3