QSAN Storage Manager Path Traversal Vulnerability
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated (QSAN). A path traversal vulnerability exists in QSAN Storage Manager. The vulnerability stems from the product's getImage function not validating the path parameter in the URL, which allows an attacker to downlo...
GHSA-5H26-C766-G93V Cross-Site Scripting
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The...
UBUNTU-CVE-2021-20293
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The...
The nagios_path parameter of lilac/export.php in EyesOfNetwork (EON), a system and network monitoring product, allows a remote attacker to execute arbitrary commands.
The nagios_path parameter of lilac/export.php in EyesOfNetwork (EON) is not sanitized against special elements used in operating system commands (OS command injection). Exploiting this vulnerability allows a remote attacker ...
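The EyesOfNetwork entries above describe the classic OS command injection pattern: a user-controlled path is spliced into a shell command string, so shell metacharacters in it become extra commands. The block below is an added illustration, not code from EyesOfNetwork or from any advisory on this page; the `ls -ld` command and the `/tmp; echo INJECTED` input are hypothetical stand-ins for the real export step. It contrasts the vulnerable string-building approach with passing an argument vector (no shell) plus an allow-list check on the path, and assumes a POSIX shell and `ls` are available.

```python
import re
import subprocess

# Hypothetical stand-in for the export step: run a command that embeds the
# user-supplied nagios_path value. With shell=True the string is handed to
# /bin/sh, so ';', '|', '$(...)' etc. in the parameter are interpreted.
def run_export_vulnerable(nagios_path: str) -> str:
    cmd = f"ls -ld {nagios_path}"
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout + done.stderr


# Same command, but as an argument vector. No shell is involved, so the whole
# parameter reaches ls as a single (probably non-existent) filename and the
# injected "echo INJECTED" never runs.
def run_export_argv_only(nagios_path: str) -> str:
    done = subprocess.run(["ls", "-ld", nagios_path], capture_output=True, text=True)
    return done.stdout + done.stderr


# Allow-list for the path itself: absolute, only safe characters, no ".."
# segments. This is an assumed policy for the example, not EON's own rule.
SAFE_PATH = re.compile(r"^/[A-Za-z0-9._/-]+$")


def validate_nagios_path(nagios_path: str) -> str:
    if not SAFE_PATH.fullmatch(nagios_path):
        raise ValueError(f"rejected nagios_path: {nagios_path!r}")
    if ".." in nagios_path.split("/"):
        raise ValueError(f"rejected traversal in nagios_path: {nagios_path!r}")
    return nagios_path


# Hardened form: validate first, then invoke without a shell.
def run_export_hardened(nagios_path: str) -> str:
    return run_export_argv_only(validate_nagios_path(nagios_path))


if __name__ == "__main__":
    payload = "/tmp; echo INJECTED"  # constructed attacker input
    print("vulnerable :", run_export_vulnerable(payload).splitlines())
    print("argv only  :", run_export_argv_only(payload).splitlines())
    try:
        run_export_hardened(payload)
    except ValueError as err:
        print("hardened   :", err)
    print("hardened ok:", run_export_hardened("/tmp").splitlines())
```

The argument-vector form alone already neutralizes the metacharacters; the allow-list is the second layer that stops the value from being abused as a path (for example pointing the export at a directory the application should never read).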
Improper Input Validation in Spring Framework
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...
VulnCheck KEV: CVE-2018-7422
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal...
WCMS Server-Side Request Forgery Vulnerability
WCMS is a content management system (CMS) that uses an open web interface to build websites. A server-side request forgery vulnerability exists in WCMS version 0.3.2. An attacker can send a specially crafted request from the web application's back-end server via the path parameter of wex/cssjs.php,...
CVE-2020-24137
Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php...
Directory traversal
Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php...
Wcms Code Issue Vulnerability
WCMS is a content management system (CMS) that uses an open web interface to build websites. A server-side request forgery vulnerability exists in WCMS version 0.3.2. An attacker can send a specially crafted request from the web application's back-end server via the path parameter of wex/cssjs.php,...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by...
Cross site scripting
A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at the SetHomePage function. Due to a lack of controller validation of the "path" parameter, an attacker can execute malicious JavaScript code...
MISP Cross-Site Scripting Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity indicators, and offers features such as threat event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.128. The vulnerability ste...
CVE-2020-35437
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatarpath parameter in a POST request to the /core/profile/ URI...
CVE-2020-35598
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623...
Openfire 4.6.0 Cross Site Scripting
Exploit Title: Openfire 4.6.0 - 'path' Stored XSS
Date: 2020-12-09
Exploit Author: j5s
Vendor Homepage: https://github.com/igniterealtime/Openfire
Software Link: https://www.igniterealtime.org/downloads/
Version: 4.6.0
POST /plugins/nodejs/nodejs.jsp HTTP/1.1
Host: 192.168.137.137:9090
User-Agent:...
CVE-2020-28115
SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the objectpath parameter...
CVE-2020-21525
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...
CVE-2020-5421
In Spring Framework, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...