27 matches found
EUVD-2025-208354
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...
CVE-2025-41756
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...
CVE-2025-41756
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...
CVE-2025-41756 Arbitrary Write with ubr-editfile
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...
CVE-2025-41756 Arbitrary Write with ubr-editfile
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...
CVE-2025-41754
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...
EUVD-2020-26915
Malware in sbrugna...
EUVD-2024-34274
Malicious code in bioql PyPI...
CVE-2024-11838
External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.This issue affects PlexTrac: from 1.61.3 before 2.8.1...
CVE-2024-11838
External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.This issue affects PlexTrac: from 1.61.3 before 2.8.1...
CVE-2024-11838 Local File Inclusion
External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.This issue affects PlexTrac: from 1.61.3 before 2.8.1...
CVE-2024-11838
The CVE is confirmed for PlexTrac: external control of a file name or path enabling Local Code Inclusion via an undocumented API endpoint. Affected versions are 1.61.3 through 2.8.1. The underlying issue is an external control vulnerability allowing file path manipulation, leading to local code i...
PlexTrac 安全漏洞
PlexTrac is a penetration test reporting and management platform from the US-based PlexTrac, Inc. A security vulnerability exists in PlexTrac versions prior to 1.61.3 through 2.8.1, which stems from the presence of a filename or path external control vulnerability that allows an attacker to achie...
PT-2024-17285 · Plextrac · Plextrac
Name of the Vulnerable Software and Affected Versions: PlexTrac versions 1.61.3 through 2.8.1 Description: The issue affects PlexTrac due to an external control of file name or path vulnerability, allowing local code inclusion through the use of an undocumented API endpoint. Recommendations: For...
Injector - Complete Arsenal Of Memory Injection And Other Techniques For Red-Teaming In Windows
Complete Arsenal of Memory injection and other techniques for red-teaming in Windows What does Injector do? Process injection support for shellcode located at remote server as well as local storage. Just specify the shellcode file and it will do the rest. It will by default inject into notepad.ex...
Shopify: Undocumented `fileCopy` GraphQL API
Impact A malicious staff account with no permissions can copy other store file assets to current store, which they have no access to. Details So the story as follow A malicious staff member jackmccracken on storeA.myshopify.com wants to upload a file on the store but could not, due to permissions...
CVE-2020-5756
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...
CVE-2020-5756
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...
CVE-2020-5756
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...
CVE-2020-5756
Summary: CVE-2020-5756 affects Grandstream GWN7000, with firmware version 1.0.9.4 and older. An authenticated remote user can modify the system crontab via an undocumented API, enabling execution of arbitrary OS commands on the router. This vulnerability is described across multiple sources (NVD,...