709 matches found
ftcms Path Traversal Vulnerability
ftcms is a content management system from ftcms. A security vulnerability exists in ftcms version 2.1 and earlier versions, which can be exploited by an attacker to conduct a directory traversal attack via the tp parameter...
CVE-2021-42165
MitraStar GPT-2541GNAC-N1 HGU 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path"...
EUVD-2006-4199
PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolutepath parameter...
CVE-2021-43459
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters...
CVE-2022-27248
A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to...
CVE-2022-25389
DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/logmanagement.php...
CVE-2022-24633
All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/". A malicious actor could identify the existence of users by requesting share information on specified share paths...
D-Link Di-7200G Command Injection Vulnerability (CNVD-2022-15182)
D-Link Di-7200G is a gigabit enterprise router from China Youxun D-Link. D-Link DI-7200G V2.E1 v21.04.09E1 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the path parameter...
A vulnerability in the `version_upgrade.asp` implementation in the firmware of the D-Link DI-7200G V2.E1 router allows an attacker to execute arbitrary commands.
The vulnerability in the `version_upgrade.asp` implementation in the firmware of the D-Link DI-7200G V2.E1 router is caused by insufficient sanitization of input data when the path parameter is processed. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
CVE-2022-23378
A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable...
TastyIgniter Cross-Site Scripting Vulnerability
TastyIgniter is a free and open source online ordering software based on the Laravel PHP Framework designed for developers and restaurateurs to enjoy life. A cross-site scripting vulnerability exists in TastyIgniter that stems from a cross-site scripting XSS vulnerability in version 3.2.2 of...
CVE-2021-46230
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgradefilter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters...
CVE-2021-46232
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function versionupgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter...
D-Link Di-7200G Command Injection Vulnerability
D-Link Di-7200G is a gigabit enterprise router from China Youxun D-Link. D-Link DI-7200GV2.E1 v21.04.09E1 is vulnerable to a command injection vulnerability, which can be exploited by attackers to execute arbitrary commands via path and time parameters...
D-Link Di-7200G Command Injection Vulnerability
D-Link Di-7200G is a gigabit enterprise router from China Youxun D-Link. D-Link DI-7200G V2.E1 v21.04.09E1 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the path parameter...