24 matches found
EUVD-2020-30280
Malware in sbrugna...
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input.
...
CVE-2020-9461
Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable...
CVE-2025-28142
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V31.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare...
Edimax BR-6478AC Security Vulnerability
Edimax BR-6478AC is a dual-band Gigabit router from China Xunzhou Edimax. A security vulnerability exists in Edimax BR-6478AC V31.0.15, which originates from a command injection of the foldername parameter in /boafrm/formDiskCreateShare...
Webmin Usermin Cross-Site Scripting Vulnerability
Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A cross-site scripting vulnerability exists in Webmin Usermin version 2.000. A remote attacker can use this vulnerability to inject arbitrary web script or HTML via...
Stored XSS on FolderName Affecting other users and admin.
Description: If two users have the same folder permission, malicious users can rename the folder with an XSS payload, which will affect the other user and the admin. Payload: "img src=x onerror=alert1 Proof of Concept: https://drive.google.com/file/d/1ukzcFocVAnd8WKEEo7-zE4iEMVLKUnXt/view...
CVE-2022-31321
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input...
CVE-2020-15427
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdiskusage.php. When parsing the folderName parameter, the process...
PT-2020-14425 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923. Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the ajax dis...
Octech Oempro Cross-Site Scripting Vulnerability
Octech Oempro is a suite of email marketing software from Octech USA. A cross-site scripting vulnerability exists in the 'FolderName' parameter of the Media.CreateFolder command in Octech Oempro versions 4.7 through 4.11. The vulnerability stems from a lack of proper validation of client data by...
CVE-2020-9461
Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable...
Photo Manager Pro 4.4.0 iOS - Code Execution
Document Title: Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1444; Release Date: 2015-03-10; Vulnerability Laboratory I...
Easy FTP Pro 4.2 iOS - Command Injection Vulnerabilities
No description provided by source. Document Title: Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1291; Release Date: 2014-08-06; Vulnerability Laboratory ID (VL-ID):...
Wifi Album 1.47 iOS - Command Injection Vulnerability
No description provided by source. Title: Wifi Album v1.47 iOS - Command Injection Vulnerability; Date: 2013-04-25; References: http://www.vulnerability-lab.com/getcontent.php?id=935; VL-ID: 935; Common Vulnerability Scoring System:...
iPic Sharp 1.2.1 Wifi Script Insertion
Title: iPic Sharp v1.2.1 Wifi iOS - Persistent Foldername Web Vulnerability; Date: 2013-07-24; References: http://www.vulnerability-lab.com/getcontent.php?id=1031; VL-ID: 1031; Common Vulnerability Scoring System: 3.6; Introduction:...
iPic Sharp v1.2.1 iOS - Persistent Foldername Vulnerability
Document Title: iPic Sharp v1.2.1 iOS - Persistent Foldername Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1031; Release Date: 2013-07-23; Vulnerability Laboratory ID (VL-ID):...
Wifi Album v1.47 iOS - Command Injection Vulnerability
Title: Wifi Album v1.47 iOS - Command Injection Vulnerability; Date: 2013-04-25; References: http://www.vulnerability-lab.com/getcontent.php?id=935; VL-ID: 935; Common Vulnerability Scoring System: 5.6; Introduction: WiF...