PT-2024-38561 · Sourcecodester · Sourcecodester Clinics Patient Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 1.0. Description: A vulnerability was found in the system, declared as problematic, affecting unknown code of the file /user images/. The manipulation leads to direct request. The attack...
PT-2023-16333 · Unknown · Phpgurukul Online Security Guards Hiring System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Security Guards Hiring System version 1.0. Description: A vulnerability was found in the PHPGurukul Online Security Guards Hiring System, affecting some unknown functionality of the file search-request.php. The manipulation o...
OpenMRS Path Traversal Vulnerability
OpenMRS is an open source electronic medical record system from OpenMRS, Inc. in the United States. OpenMRS suffers from a path traversal vulnerability that stems from a failure to sanitize requests when satisfying GET requests for /images and..., resulting in arbitrary file disclosure.
CVE-2021-44031
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/GUID/filename...
CVE-2020-14461
Zyxel Armor X1 WAP6806 1.00ABAL.6C0 devices allow Directory Traversal via the images/eaZy/ URI...
CVE-2018-17058
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs ...
Bludit Remote Code Execution Vulnerability (CNVD-2019-44571)
Bludit is an open source, lightweight blog content management system (CMS). A remote code execution vulnerability exists in Bludit version 3.9.2, which remote attackers can exploit to execute code via the bl-kernel/ajax/upload-images.php file...
osCommerce Code Execution Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. A security vulnerability exists in the .htaccess file of the http://host ip/oscommerce2/catalog/images/ page in osCommerce version 2.3.4.1. The vulnerability can be exploited to execute arbitrary code or...
BSA-2018-603
Security Advisory ID: BSA-2018-603. Component: WebGUI. Revision: 1.0: Final. Multiple GPON Home Routers could allow a remote attacker to bypass security restrictions, caused by a flaw in the authentication mechanism. By appending "?images/" to the end of the web address on any of the router's...