709 matches found

Positive Technologies
added 2024/08/06 12:0 a.m. · 2 views

PT-2024-7881 · D Link · D-Link Di-8003

Name of the Vulnerable Software and Affected Versions: D-Link DI-8003 version 16.07.16A1 Description: A critical issue has been identified, affecting the function upgrade filter asp of the file /upgrade filter.asp. The manipulation of the argument path leads to os command injection. This issue ca...

CVSS 9.8 · AI score 7.7 · EPSS 0.01051
Exploits: 1 · References: 16

OSV
added 2024/07/24 4:15 p.m. · 4 views

CVE-2024-40422

The snapshotpath parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshotpath parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized...

CVSS 9.1 · AI score 7.3 · EPSS 0.9057
Exploits: 6 · References: 4

CVE
added 2024/07/12 12:0 a.m. · 49 views

CVE-2024-31947

CVE-2024-31947 affects StoneFly Storage Concentrator (SC and SCVM) prior to version 8.0.4.26. The vulnerability is a directory traversal flaw triggered by a crafted path parameter used with the Online Help facility, exploitable by authenticated users and potentially exposing sensitive system info...

CVSS 6.5 · AI score 6.8 · EPSS 0.01745
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/07/10 12:0 a.m. · 9 views

CVE-2024-6433 Local File Inclusion in stitionai/devika

The application zips all the files in the folder specified by the user, which allows an attacker to read arbitrary files on the system by providing a crafted path. This vulnerability can be exploited by sending a request to the application with a malicious snapshotpath parameter...

CVSS 7.5 · AI score 7 · EPSS 0.003
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/10 12:0 a.m. · 2 views

PT-2024-37622 · Devika · Devika

Name of the Vulnerable Software and Affected Versions: devika versions prior to the fixed version Description: The issue allows an attacker to read arbitrary files on the system by providing a crafted path. This can be exploited by sending a request to the application with a malicious snapshot pa...

CVSS 7.5 · AI score 6.9 · EPSS 0.003
Exploits: 0 · References: 4

Positive Technologies
added 2024/06/24 12:0 a.m. · 2 views

PT-2024-25526 · Virtosoftware · Virto Bulk File Download

Name of the Vulnerable Software and Affected Versions: VirtoSoftware Virto Bulk File Download version 5.5.44 for SharePoint 2019 Description: An issue was discovered that allows arbitrary file download and deletion via absolute path traversal in the path parameter of the isCompleted method in the...

CVSS 9.8 · AI score 6.8 · EPSS 0.00275
Exploits: 0 · References: 5

Vulnrichment
added 2024/05/07 12:0 a.m. · 7 views

CVE-2024-34523

AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

AI score 7 · EPSS 0.00227
Exploits: 0 · References: 2

Cvelist
added 2024/05/07 12:0 a.m. · 11 views

CVE-2024-34523

AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

AI score 6.9 · EPSS 0.00227
Exploits: 0 · References: 2

OSV
added 2024/04/30 8:15 p.m. · 2 views

CVE-2024-33383

Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter...

CVSS 7.5 · AI score 6.6
Exploits: 0 · References: 1

Positive Technologies
added 2024/04/18 12:0 a.m. · 4 views

PT-2024-22253 · Solarwinds · Solarwinds Platform

Name of the Vulnerable Software and Affected Versions: SolarWinds Platform affected versions not specified Description: The issue allows a potential attacker to redirect to different domains when using a URL parameter with a relative entry in the correct format. This is related to an Arbitrary Op...

CVSS 7 · AI score 6.8 · EPSS 0.00027
Exploits: 0 · References: 6

CNVD
added 2024/03/26 12:0 a.m. · 1 views

Tenda AC15 formExpandDlnaFile method stack buffer overflow vulnerability

Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol with a theoretical transmission rate of 1900Mbps (600Mbps in 2.4GHz band and 1300Mbps in 5GHz band). Tenda AC15 suffers from a stack buffer overflow...

CVSS 9.8 · AI score 8.4 · EPSS 0.01131
Exploits: 1 · References: 1

Positive Technologies
added 2024/03/06 12:0 a.m. · 2 views

PT-2024-20543 · Unknown · Casaos-Userservice

Name of the Vulnerable Software and Affected Versions: CasaOS-UserService versions prior to 0.4.7 Description: The issue concerns a path traversal vulnerability in the UserService API, which allows an unauthorized actor to access any file on the system due to insufficient path filtering for user...

CVSS 9.8 · AI score 7.4 · EPSS 0.00462
Exploits: 1 · References: 9

Cvelist
added 2024/02/14 3:6 p.m. · 15 views

CVE-2023-5123 Improper Path Sanitization in JSON Datasource Plugin

The JSON datasource plugin https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint including a specific sub-path configured by an administrator. Due to inadequate...

CVSS 8 · AI score 8 · EPSS 0.00514
Exploits: 0 · References: 2

OSV
added 2024/02/02 4:15 p.m. · 2 views

CVE-2024-24161

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered...

CVSS 7.5 · AI score 5.8 · EPSS 0.00139
Exploits: 1 · References: 1

NVD
added 2024/02/02 4:15 p.m. · 10 views

CVE-2024-24161

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered...

CVSS 7.5 · AI score 7.5 · EPSS 0.00139
Exploits: 1 · References: 1

Vulnrichment
added 2024/02/02 12:0 a.m. · 13 views

CVE-2024-24161

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered...

AI score 6.9 · EPSS 0.00139
Exploits: 1 · References: 1

Positive Technologies
added 2024/02/02 12:0 a.m. · 3 views

PT-2024-20305 · Mrcms · Mrcms

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.0 Description: The issue is related to an Arbitrary File Read vulnerability. It affects the /admin/file/edit.do endpoint, where the incoming path parameter is not properly filtered. This allows for unauthorized access to files...

CVSS 7.5 · AI score 7.3 · EPSS 0.00139
Exploits: 1 · References: 5

CNNVD
added 2024/02/02 12:0 a.m. · 2 views

MRCMS Security Vulnerabilities

MRCMS is a content management system from the individual developers at marker. A security vulnerability exists in MRCMS version 3.0 that stems from not filtering the incoming path parameter...

CVSS 7.5 · AI score 6.8 · EPSS 0.00139
Exploits: 1 · References: 2

Prion
added 2024/02/01 11:15 p.m. · 18 views

Cross site scripting

Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL...

CVSS 5.8 · AI score 7.2 · EPSS 0.00224
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/02/01 12:0 a.m. · 3 views

PT-2024-19641 · Eyoucms · Eyoucms

Name of the Vulnerable Software and Affected Versions: eyoucms version 1.6.5 Description: The issue allows a remote attacker to run arbitrary code via a crafted URL, exploiting a Cross Site Scripting vulnerability in the path parameter. Recommendations: For eyoucms version 1.6.5, consider...

CVSS 6.1 · AI score 6.3 · EPSS 0.00224
Exploits: 1 · References: 4