716 matches found
CVE-2019-7730
MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI...
GHSA-8P8G-F9VG-R7XR Directory Traversal vulnerability in Square Retrofit
Square Retrofit versions from 2.0 (inclusive) to 2.5.0 (exclusive) contain a Directory Traversal vulnerability in the RequestBuilder class, method addPathParameter. By manipulating the URL an attacker could add or delete resources otherwise unavailable to her. This attack appears to be exploitable via an...
Directory traversal
Square Retrofit versions from 2.0 (inclusive) to 2.5.0 (exclusive) contain a Directory Traversal vulnerability in the RequestBuilder class, method addPathParameter. By manipulating the URL, an attacker could add or delete resources otherwise unavailable to her. This attack...
ASUSTOR ADM path traversal vulnerability (CNVD-2018-25039)
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. A directory traversal vulnerability exists in the upload.cgi file in ASUSTOR ADM version 3.1.1. An attacker can exploit this vulnerability by modifying the 'path' URL parameter to upload a file to an arbitra...
TerraMaster TOS Directory Traversal Vulnerability
TerraMaster TOS is a Linux-based storage server operating system developed by TerraMaster. The system supports file sharing, cloud data synchronization, data backup, virtualization, etc. The explorer application is one of its file browsing applications. A directory traversal...
CVE-2018-13332
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter...
CVE-2018-13322
Directory traversal in listfolders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter...
Directory traversal
Directory traversal in listfolders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter...
Synology DiskStation Manager Information Disclosure Vulnerability
Synology DiskStation Manager (DSM) is an operating system from Synology for Network Storage Servers (NAS). The operating system manages information such as data, files, photos, music, and more. An information disclosure vulnerability exists in SYNO.Core.ACL in Synology DSM versions prior to...
CVE-2018-13281
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the filepath parameter...
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
Exploit Title: Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: 2.3 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
CVE-2018-16821
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admintemplate.php?path=../templets/../../ requests...
CVE-2018-16549
HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter...
Sandoba CP:Shop '. /cpshop/' module cross-site scripting vulnerability
Sandoba CP:Shop is an online store system from the German company Sandoba. The system provides sales management, financial management, site search and other functions. The Sandoba CP:Shop 2016.1 version of the '. /cpshop/' module has a cross-site scripting vulnerability in the 'admin.php' file. The...
UBUNTU-CVE-2017-16652
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the targetpath parameter and generates a redirect response, but no check is...
Vesta Control Panel Cross-Site Scripting Vulnerability (CNVD-2018-09183)
Vesta Control Panel is an open source web hosting control panel. A cross-site scripting vulnerability exists in Vesta Control Panel version 0.9.8-20. A remote attacker can exploit this vulnerability by sending the 'path' parameter to the view/file/index.php URI to execute PHP code...
Node.js third-party modules: [entitlements] Command injection on the 'path' parameter
Hello again, another command injection, this time on the entitlements module. Module module name: entitlements version: 1.2.0 npm page: https://www.npmjs.com/package/entitlements Module Description check the entitlements of a .app bundle Module Stats 26 downloads in the last day 328 downloads in...