164 matches found
CVE-2025-46001
An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-6472
A vulnerability classified as critical has been found in code-projects Online Bidding System 1.0. Affected by this issue is some unknown functionality of the file /showprod.php. Manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploi...
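The showprod.php entry above is the classic "argument ID leads to SQL injection" finding: an integer that should only ever select one row is spliced into the query text. The Python example below is added here to show that pattern beside the fix. It is not code from the Online Bidding System (a PHP/MySQL application); the sqlite3 table, the rows, the handler names and the payloads are all constructed for illustration.

```python
import re
import sqlite3
from typing import Any, Dict, List, Tuple

# Only an unsigned integer is a valid product id; anything else is rejected
# before it gets near the database.
PRODUCT_ID = re.compile(r"^[0-9]+$")


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for a products table; rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, cost REAL)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "lamp", 9.5), (2, "chair", 40.0), (3, "desk", 120.0)],
    )
    return conn


def show_product_vulnerable(conn: sqlite3.Connection, product_id: str) -> List[Tuple[Any, ...]]:
    """The injectable pattern: the request parameter is spliced into SQL text,
    so its value can rewrite the WHERE clause or append a UNION."""
    query = f"SELECT id, name FROM products WHERE id = {product_id}"
    return conn.execute(query).fetchall()


def show_product_fixed(conn: sqlite3.Connection, product_id: str) -> List[Tuple[Any, ...]]:
    """Validate the type, then bind. The value travels as data, never as SQL."""
    if not PRODUCT_ID.match(product_id):
        raise ValueError("id must be an unsigned integer")
    return conn.execute(
        "SELECT id, name FROM products WHERE id = ?", (int(product_id),)
    ).fetchall()


def run_demo() -> Dict[str, Any]:
    """Exercise both handlers with a benign id and two injection payloads."""
    conn = make_db()
    results: Dict[str, Any] = {
        "vuln_benign": show_product_vulnerable(conn, "2"),
        # Tautology: WHERE id = 1 OR 1=1 matches every row.
        "vuln_tautology": show_product_vulnerable(conn, "1 OR 1=1"),
        # UNION: pulls a column the page was never meant to expose.
        "vuln_union": sorted(
            show_product_vulnerable(conn, "0 UNION SELECT id, cost FROM products")
        ),
        "fixed_benign": show_product_fixed(conn, "2"),
    }
    try:
        show_product_fixed(conn, "1 OR 1=1")
        results["fixed_rejects_injection"] = False
    except ValueError:
        results["fixed_rejects_injection"] = True
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The tautology payload turns a single-row lookup into a full table dump, and the UNION payload reads a column (cost) the page never selects; the bound query cannot be steered either way because the parameter is never parsed as SQL.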
CVE-2023-23019
Cross-site scripting (XSS) vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function useradd....
CVE-2020-11811
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file...
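The Filemanager and qdPM entries above share one root cause: the server decides whether an upload is an image from data the client controls (the file name it sent, or the Content-Type of the multipart part). The Python example below is added here to put the weak check beside a hardened one. It is not code from either project (both are PHP applications); the function names, the allowlist, the magic-byte table and the sample payloads are constructed for illustration.

```python
import re
import secrets
from typing import Optional

# Allowlisted image extensions mapped to the magic bytes a genuine file of
# that type must start with. Constructed for this example.
ALLOWED_IMAGE_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}

# One base name, one extension: rejects "shell.php.png" (which Apache's
# mod_mime can still hand to the PHP handler) and anything with a path.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.(png|jpe?g|gif)$", re.IGNORECASE)

# Constructed samples: what an attacker posts, and a minimal genuine PNG header.
PHP_PAYLOAD = b"<?php system($_GET['cmd']); ?>"
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def is_allowed_by_content_type(content_type: str) -> bool:
    """The weak check: trusts the Content-Type the client sent with the part.
    The attacker writes image/png into the multipart body, so it proves nothing."""
    media_type = content_type.lower().split(";")[0].strip()
    return media_type in {"image/png", "image/jpeg", "image/gif"}


def safe_extension(filename: str) -> Optional[str]:
    """Lower-cased extension if the whole name is allowlisted, else None."""
    match = SAFE_NAME.match(filename)
    return match.group(1).lower() if match else None


def is_allowed_upload(filename: str, content_type: str, data: bytes) -> bool:
    """The hardened check. Content-Type is ignored entirely; the name must be
    allowlisted and the bytes must carry the magic number for that extension.
    The PHP-tag scan is defence in depth against image/PHP polyglots."""
    del content_type  # deliberately unused: it is client-controlled
    ext = safe_extension(filename)
    if ext is None:
        return False
    if not data.startswith(ALLOWED_IMAGE_TYPES[ext]):
        return False
    if b"<?php" in data or b"<?=" in data:
        return False
    return True


def stored_name(filename: str) -> str:
    """Server-chosen name for the saved file: a random token plus the
    validated extension, so the client never controls the stored path."""
    ext = safe_extension(filename)
    if ext is None:
        raise ValueError("extension not allowed")
    return f"{secrets.token_hex(16)}.{ext}"
```

Even with these checks, write uploads to a directory where the web server has script execution disabled; the validator decides what is accepted, the deployment decides what can never run.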
CVE-2012-3483
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file...
CVE-2019-13597
s/sprm/s/dyn/PlayersetScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the execute function...
CVE-2025-24375
Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling SQL DDL or Python-based mysql-shell scripts can leak database user credentials. The way mysql-operator calls the mysql-shell application relies on writing to a temporary...
SourceCodester Packers and Movers Management System Security Vulnerability
SourceCodester Packers and Movers Management System is an open source packers and movers management system from Sourcecodester. A security vulnerability exists in version 1.0 of the SourceCodester Packers and Movers Management System, which stems from a cross-site scripting vulnerability in...
CVE-2024-43660
The CGI script .sh can be used to download any file on the filesystem. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: High, but credentials required. Impact: Critical. The script can be used to download any file on the filesystem, including...
Digital China Networks vendor Security Vulnerability
Digital China Networks vendor is a series of vendor firewalls from Digital China Networks DCCN, a Chinese company. A security vulnerability exists in Digital China Networks vendor version v.7.2.6.120, which originates from a vulnerability that could allow a remote attacker to execute arbitrary co...
SourceCodester Car Driving School Management System Cross-Site Scripting Vulnerability
SourceCodester Car Driving School Management System is a driving school management system from SourceCodester. A cross-site scripting vulnerability exists in the SourceCodester Car Driving School Management System version 1.0, which originates from a cross-site scripting vulnerability in the...
Ruijie Networks RG-UAC Operating System Command Injection Vulnerability
Ruijie Networks RG-UAC is an Internet behavior management and auditing product from China's Ruijie Networks, used to solve Internet auditing problems. An operating system command injection vulnerability exists in Ruijie Networks RG-UAC version 1.0, which originates from a...
Advisory ROSA-SA-2024-2431
Software: lua 5.3.4 OS: ROSA Virtualization 2.1 package_evr_string: lua-5.3.4 CVE-ID: CVE-2021-43519 BDU-ID: None CVE-Crit: N/A CVE-DESC.: Stack overflow in lua_resume of the ldo.c file in Lua Interpreter allows attackers to perform a denial of service via a crafted script file. CVE-STATUS: Not...
Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files
Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024. "Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its...
CVE-2024-31022
An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary code via the install.php component...
CVE-2024-25994 PHOENIX CONTACT: Unintended script file upload in CHARX Series
An unauthenticated remote attacker can upload an arbitrary script file due to improper input validation. The upload destination is fixed and is write-only...
BIT-LUA-2021-43519
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0 through 5.4.4 allows attackers to perform a Denial of Service via a crafted script file...
ChatGPT-wechat-personal Security Vulnerability
ChatGPT-wechat-personal implements a ChatGPT chatbot in a WeChat personal subscription account by calling OpenAI's latest interface and the gpt-3.5-turbo model. A security vulnerability exists in ChatGPT-wechat-personal version a0857f6, which stems from a Server-Side Request Forgery (SSRF)...
TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account
Summary: Professional FM transmitters. Description: The transmitter has a hidden super administrative account 'factory' with the hardcoded password 'inokram25' that allows full access to the web management interface configuration. The factory account is not visible in the users page of the...
Hikvision Intercom Broadcasting System Operating System Command Injection Vulnerability
Hikvision Intercom Broadcasting System is an intercom broadcasting system from Hikvision, China. An operating system command injection vulnerability exists in Hikvision Intercom Broadcasting System version 3.0.320201113RELEASE HIK, which stems from the parameter jsondataip in the file /php/ping.ph...
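The Ruijie RG-UAC and Hikvision entries above are both operating system command injection findings, and the Hikvision one names the usual shape: a "ping" handler that takes an IP address from the request and hands it to a shell. The Python example below is added here to show that pattern beside the hardened form; it is not code from either vendor, and the function names, the payload list and the ping invocation are constructed for illustration.

```python
import ipaddress
import subprocess
from typing import List


def ping_command_vulnerable(target: str) -> str:
    """The injectable pattern: the request parameter is pasted into a shell
    command line, as a ping handler that shells out would do. Returned as a
    string and never executed in this example."""
    return f"ping -c 1 {target}"


def validate_ip(target: str) -> str:
    """Allowlist validation: accept only a literal IPv4/IPv6 address.
    Shell metacharacters (; | & $( ` newline) cannot survive this parse,
    so there is no denylist to keep up to date."""
    try:
        return str(ipaddress.ip_address(target.strip()))
    except ValueError as exc:
        raise ValueError(f"refusing non-IP target: {target!r}") from exc


def ping_command_fixed(target: str) -> List[str]:
    """Argument vector for subprocess.run(..., shell=False): no shell parses
    it, so there is nothing to inject into, and the value is validated first."""
    return ["ping", "-c", "1", validate_ip(target)]


def run_ping(target: str) -> int:
    """Execute the hardened form; returns ping's exit status."""
    completed = subprocess.run(
        ping_command_fixed(target), capture_output=True, timeout=10, check=False
    )
    return completed.returncode


# Constructed payloads of the kind that abuse a concatenated ping command.
INJECTION_PAYLOADS = [
    "127.0.0.1; id",
    "127.0.0.1 && cat /etc/passwd",
    "$(id)",
    "127.0.0.1\nid",
]


def count_rejected(payloads: List[str]) -> int:
    """How many payloads the hardened validator refuses."""
    rejected = 0
    for payload in payloads:
        try:
            ping_command_fixed(payload)
        except ValueError:
            rejected += 1
    return rejected


if __name__ == "__main__":
    for payload in INJECTION_PAYLOADS:
        print("vulnerable would run:", repr(ping_command_vulnerable(payload)))
    print("rejected by validator:", count_rejected(INJECTION_PAYLOADS), "of", len(INJECTION_PAYLOADS))
```

If the feature genuinely needs hostnames as well as addresses, resolve them first with a strict hostname pattern and still pass the result as one argv element; the point is that the shell never sees user input, and that validation is an allowlist of what the parameter may be, not a list of characters it may not contain.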