
10 matches found

Snyk
added 2026/04/03 4:8 a.m. | 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the POST multipart upload process. An attacker can write arbitrary files to any existing directory on the filesystem by crafting a specially constructed URL path containing directory traversal sequences and...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.00683
Exploits: 1 | References: 2

Github Security Blog
added 2026/02/06 5:59 p.m. | 8 views

OpenSTAManager has an OS Command Injection in P7M File Processing

Summary: A critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a malicious filename to execute arbitrary system commands on the server. Vulnerable Code File:...

CVSS: 9.4 | AI score: 6.1 | EPSS: 0.01755
Exploits: 9 | References: 3 | Affected Software: 1

CNNVD
added 2025/12/03 12:0 a.m. | 3 views

WordPress plugin MxChat information disclosure vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MxChat, which stems from...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00273
Exploits: 0 | References: 4

Vulnrichment
added 2025/11/06 7:44 p.m. | 3 views

CVE-2025-34239 Advantech WebAccess/VPN < 1.1.5 Command Injection in AppManagementController.appUpgradeAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated system administrator to execute arbitrary commands as the web server user www-data by supplying a crafted uploaded filename...

CVSS: 8.6 | AI score: 7.6 | EPSS: 0.01616
Exploits: 0 | References: 3

Snyk
added 2025/09/09 7:47 p.m. | 2 views

Command Injection

Overview: OctoPrint is a snappy web interface for your 3D printer. Affected versions of this package are vulnerable to Command Injection through file upload, when a specially crafted filename is included in a command defined in a system event handler and the corresponding event is triggered. An...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.19313
Exploits: 4 | References: 2

CNNVD
added 2025/08/26 12:0 a.m. | 3 views

Mahara security vulnerability

Mahara is a free and open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions prior to 22.10.6, 23.04.6, and 24.04.1, which stems from an uploaded filename that contains malicious JavaScript code that could lead to a cross-site scripting...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00188
Exploits: 0 | References: 3

Positive Technologies
added 2022/08/30 12:0 a.m. | 4 views

PT-2022-23602 · Unknown · Rpi-Jukebox-Rfid

Name of the Vulnerable Software and Affected Versions: RPi-Jukebox-RFID version 2.3.0 Description: A command injection issue was discovered in the /htdocs/utils/Files.php component. This issue is exploited via a crafted payload injected into the file name of an uploaded file. Recommendations: For...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.02493
Exploits: 1 | References: 5

OSV
added 2018/07/03 9:29 p.m. | 3 views

CVE-2017-0912

Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack of sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00543
Exploits: 0 | References: 1

Cvelist
added 2018/07/03 9:0 p.m. | 25 views

CVE-2017-0912

Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack of sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling...

AI score: 5.6 | EPSS: 0.00543
Exploits: 0 | References: 1

UbuntuCve
added 2006/06/06 12:2 a.m. | 20 views

CVE-2006-2832

Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename...

CVSS: 2.6 | AI score: 6 | EPSS: 0.01339
Exploits: 0 | References: 1