716 matches found
CVE-2024-44413
A vulnerability was discovered in DI8200-16.07.26A1, which has been classified as critical. This issue affects the upgradefilterasp function in the upgradefilter.asp file. Manipulation of the path parameter can lead to command injection...
CVE-2024-44414
CVE-2024-44414 affects WayOS FBM_292W with firmware 21.03.10V. The vulnerability is in the sub_4901E0 function of msp_info.htm where manipulation of the path parameter can lead to command injection. The CVSSv3.1 base score is 8.8 (High) with network attack vector, low complexity, and privileges r...
D-Link DI_8200 security vulnerability
The D-Link DI8200 is an enterprise router from China's AUO D-Link. The D-Link DI8200 suffers from a command injection vulnerability that originates from manipulation of the parameter path in the file upgradefilter.asp. No details of the vulnerability are provided at this time...
EsafeNet CDG SQL injection vulnerability
EsafeNet CDG is a document security management system from EsafeNet. A SQL injection vulnerability exists in ESAFENET CDG V5, which originates from the fileId parameter of file/MultiServerBackService?path=1 that can lead to SQL injection...
VulnCheck KEV: CVE-2023-6023
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifactpath URL parameter...
CVE-2024-44400
A vulnerability was discovered in DI8400-16.07.26A1, which has been classified as critical. This issue affects the upgradefilterasp function in the upgradefilter.asp file. Manipulation of the path parameter can lead to command injection...
PT-2024-6373 · D Link · D-Link Di-8400
Name of the Vulnerable Software and Affected Versions: D-Link DI-8400 version 16.07.26A1 Description: A critical issue has been discovered, affecting the upgrade filter asp function in the upgrade filter.asp file. This issue allows for command injection through manipulation of the path parameter...
PT-2024-7881 · D Link · D-Link Di-8003
Name of the Vulnerable Software and Affected Versions: D-Link DI-8003 version 16.07.16A1 Description: A critical issue has been identified, affecting the function upgrade filter asp of the file /upgrade filter.asp. The manipulation of the argument path leads to os command injection. This issue ca...
CVE-2024-40422
The snapshotpath parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshotpath parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized...
CVE-2024-31947
CVE-2024-31947 affects StoneFly Storage Concentrator (SC and SCVM) prior to version 8.0.4.26. The vulnerability is a directory traversal flaw triggered by a crafted path parameter used with the Online Help facility, exploitable by authenticated users and potentially exposing sensitive system info...
CVE-2024-6433 Local File Inclusion in stitionai/devika
The application zips all the files in the folder specified by the user, which allows an attacker to read arbitrary files on the system by providing a crafted path. This vulnerability can be exploited by sending a request to the application with a malicious snapshotpath parameter...
PT-2024-37622 · Devika · Devika
Name of the Vulnerable Software and Affected Versions: devika versions prior to the fixed version Description: The issue allows an attacker to read arbitrary files on the system by providing a crafted path. This can be exploited by sending a request to the application with a malicious snapshot pa...
PT-2024-25526 · Virtosoftware · Virto Bulk File Download
Name of the Vulnerable Software and Affected Versions: VirtoSoftware Virto Bulk File Download version 5.5.44 for SharePoint 2019 Description: An issue was discovered that allows arbitrary file download and deletion via absolute path traversal in the path parameter of the isCompleted method in the...
CVE-2024-34523
AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-33383
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter...
PT-2024-22253 · Solarwinds · Solarwinds Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Platform affected versions not specified Description: The issue allows a potential attacker to redirect to different domains when using a URL parameter with a relative entry in the correct format. This is related to an Arbitrary Op...
Tenda AC15 formExpandDlnaFile method stack buffer overflow vulnerability
Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports the 802.11ac protocol with a theoretical transmission rate of 1900Mbps (600Mbps in the 2.4GHz band and 1300Mbps in the 5GHz band). Tenda AC15 suffers from a stack buffer overflow...
PT-2024-20543 · Unknown · Casaos-Userservice
Name of the Vulnerable Software and Affected Versions: CasaOS-UserService versions prior to 0.4.7 Description: The issue concerns a path traversal vulnerability in the UserService API, which allows an unauthorized actor to access any file on the system due to insufficient path filtering for user...
CVE-2023-5123 Improper Path Sanitization in JSON Datasource Plugin
The JSON datasource plugin (https://grafana.com/grafana/plugins/marcusolsson-json-datasource/) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint including a specific sub-path configured by an administrator. Due to inadequate...