10 matches found
PT-2024-38561 · Sourcecodester · Sourcecodester Clinics Patient Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 1.0 Description: A vulnerability was found in the system, declared as problematic, affecting unknown code of the file /user images/. The manipulation leads to direct request. The attack...
PT-2023-16333 · Unknown · Phpgurukul Online Security Guards Hiring System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Security Guards Hiring System version 1.0 Description: A vulnerability was found in the PHPGurukul Online Security Guards Hiring System, affecting some unknown functionality of the file search-request.php. The manipulation o...
OpenMRS Path Traversal Vulnerability
OpenMRS is an open source electronic medical record system from OpenMRS, Inc. in the United States. OpenMRS suffers from a path traversal vulnerability that stems from an arbitrary file disclosure due to failure to sanitize requests when satisfying GET requests for /images and...
CVE-2021-44031
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/GUID/filename...
CVE-2020-14461
Zyxel Armor X1 WAP6806 1.00ABAL.6C0 devices allow Directory Traversal via the images/eaZy/ URI...
CVE-2018-17058
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs ...
Bludit Remote Code Execution Vulnerability (CNVD-2019-44571)
Bludit is an open source, lightweight blog content management system (CMS). A remote code execution vulnerability exists in Bludit version 3.9.2, which can be exploited by remote attackers to execute code with the help of the bl-kernel/ajax/upload-images.php file...
A vulnerability in the firmware of the Dasan GPON router, related to deficiencies in authentication procedures, allows a hacker to gain full control over the device.
The vulnerability in the firmware of the Dasan GPON router is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full control over the device by adding “?images/” to the URL in the browse...
osCommerce Code Execution Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. A security vulnerability exists in the .htaccess file of the http://host ip/oscommerce2/catalog/images/ page in osCommerce version 2.3.4.1. The vulnerability can be exploited to execute arbitrary code or...
BSA-2018-603
Security Advisory ID : BSA-2018-603 Component : WebGUI Revision : 1.0: Final Multiple GPON Home Routers could allow a remote attacker to bypass security restrictions, caused by a flaw in the authentication mechanism. By appending "?images/" to the end of the web address on any of the router's...