Lucene search

9 matches found

NVD
added 2025/10/15 2:15 a.m. | 8 views

CVE-2024-13991

Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker to supply arbitrary file paths to the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint and retrieve files from the server filesystem. VulnCheck has observed...

CVSS 8.7 | EPSS 0.00418
Exploits: 0 | References: 2

NVD
added 2025/10/15 2:15 a.m. | 5 views

CVE-2023-7311

BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The path parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device. Successfu...

CVSS 9.3 | EPSS 0.01932
Exploits: 0 | References: 4

NVD
added 2025/10/15 2:15 a.m. | 3 views

CVE-2023-7305

SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application to perform sensitive operations or execute arbitrary code o...

CVSS 9.2 | EPSS 0.00485
Exploits: 0 | References: 4

NVD
added 2025/10/15 2:15 a.m. | 8 views

CVE-2023-7304

Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmcsync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the...

CVSS 9.3 | EPSS 0.03697
Exploits: 0 | References: 2

CVE
added 2025/10/15 1:24 a.m. | 11 views

CVE-2023-7305

CVE-2023-7305 concerns SmartBI V8, V9, and V10 with an unrestricted file upload vulnerability in the RMIServlet request handling logic. The issue allows an attacker to trigger sensitive operations or potentially execute arbitrary code on the host via specially crafted requests. The root cause is ...

CVSS 9.2 | AI score 7.5 | EPSS 0.00485
In wild | Exploits: 0 | References: 4

EUVD
added 2025/10/15 1:21 a.m. | 3 views

EUVD-2024-55036

Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker to supply arbitrary file paths to the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint and retrieve files from the server filesystem. VulnCheck has observed...

CVSS 8.7 | AI score 6.7 | EPSS 0.00418
Exploits: 0 | References: 3

Cvelist
added 2025/10/15 1:21 a.m. | 8 views

CVE-2024-13991 Huijietong Cloud Video Platform fileDownload Arbitrary File Read

Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker to supply arbitrary file paths to the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint and retrieve files from the server filesystem. VulnCheck has observed...

CVSS 8.7 | EPSS 0.00418
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/15 12:0 a.m. | 4 views

PT-2025-42219

SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application to perform sensitive operations or execute arbitrary code o...

CVSS 9.2 | AI score 7.9 | EPSS 0.00485
Exploits: 0 | References: 5

Positive Technologies
added 2025/10/15 12:0 a.m. | 5 views

PT-2025-42220

BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The path parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device. Successfu...

CVSS 9.3 | AI score 8.4 | EPSS 0.01932
Exploits: 0 | References: 5