Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloa
Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by remov
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploa
Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custo
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges
Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory.
The documentation.pages e
A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipu
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file u
Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can ex
A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root director
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting
The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory li
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the session_id (passed as __form-flash-id in POST
FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argume
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/file/upload of the component Backend File U
A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted
Page 1+ Next →