Enable SVG, WebP & ICO Upload Security Vulnerabilities

WBCE CMS 1.6.2 Remote Code Execution

...

RHEL 6 : wget (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wget: Lack of filename checking allows arbitrary file upload via FTP redirect (CVE-2016-4971) wget:...

RHEL 6 : exiv2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp (CVE-2018-12265) Buffer overflow in...

RHEL 7 : perl-image-info (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. perl-Image-Info: XXE in SVG files (CVE-2016-9181) Note that Nessus has not tested for this issue but has instead...

RHEL 5 : squirrelmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squirrelmail: Insufficient escaping of user-supplied data (CVE-2017-7692) SquirrelMail: Directory...

RHEL 7 : librsvg2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. chromium-browser: Buffer overflow in Skia (CVE-2014-7904) librsvg: SIGFPE is raised in box_blur_line...

WBCE CMS v1.6.2 - Remote Code Execution (RCE)

...

RHEL 5 : tomcat5 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: security manager bypass via IntrospectHelper utility function (CVE-2016-5018) tomcat: Remote...

RHEL 8 : fop (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. batik: Server-Side Request Forgery vulnerability (CVE-2022-44729) Server-Side Request Forgery (SSRF)...

CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

...

RHEL 5 : librsvg2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. librsvg: SIGFPE is raised in box_blur_line function of rsvg-filter.c (CVE-2017-11464) The...

RHEL 5 : cairo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. cairo: Out-of-bounds read due to mishandling of unexpected malloc(0) call (CVE-2017-9814) Integer...

appRain CMF 4.0.5 Shell Upload

...

RHEL 6 : nmap (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nmap: arbitrary file upload flaw in http-domino-enum-passwords NSE script (CVE-2013-4885) Note that Nessus has not...

RHEL 7 : exiv2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. exiv2: Heap-based buffer overflow in basicio.cpp (CVE-2017-12955) Buffer overflow in the...

RHEL 6 : perl-image-info (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. perl-Image-Info: XXE in SVG files (CVE-2016-9181) Note that Nessus has not tested for this issue but has instead...

RHEL 4 : firefox (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: XSS with Drag and Drop and Javascript: URL (MFSA 2012-13) (CVE-2012-0455) Mozilla: SVG issues...

qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as...

qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as...

[SECURITY] Fedora 39 Update: loupe-45.3-2.fc39

An image viewer application written with GTK 4, Libadwaita and Rust. Features: - Fast GPU accelerated image rendering with tiled rendering for SVGs - Extendable and sandboxed (expect SVG) image decoding - Support for more than 15 image formats by default - Extensive support for touchpad and...

[SECURITY] Fedora 39 Update: librsvg2-2.57.1-2.fc39

An SVG library based on...

Flowmon Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before...

ORing IAP-420 2.01e Cross Site Scripting / Command Injection Vulnerabilities

...

BWL Advanced FAQ Manager 2.0.3 SQL Injection Vulnerability

...

changedetection 0.45.20 Remote Code Execution Exploit

...

wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function

There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version...

wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function

There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version...

CVE-2024-29848

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as...

CVE-2024-29848

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as...

CVE-2024-22060

An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM...

CVE-2024-22060

An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM...

CVE-2024-22060

An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM...

CVE-2024-29848

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as...

CVE-2024-29848

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as...

CVE-2022-25038

wanEditor v4.7.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the video upload...

CVE-2022-25037

An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload...

CVE-2022-25038

wanEditor v4.7.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the video upload...

CVE-2022-25037

An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload...

Regular Expression Denial Of Service (ReDoS)

tecnickcom/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity utilized when parsing a SVG file. This allows an attacker to cause a denial of service by crafting a malicious svg...

Fedora 39 : roundcubemail (2024-a591b4dc74)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a591b4dc74 advisory. Release 1.6.7 - Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313) - Fix bug where HTML entities in URLs were not decoded on HTML to plain...

Contact Form 7 Plugin for WordPress < 5.8.4 Arbitrary File Upload

The WordPress Contact Form 7 Plugin installed on the remote host is affected by an authenticated file upload vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

BWL Advanced FAQ Manager 2.0.3 SQL Injection

...

changedetection 0.45.20 Remote Code Execution

...

ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)

...

changedetection &lt; 0.45.20 - Remote Code Execution (RCE)

...

BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection

...

Fedora 40 : roundcubemail (2024-680b8ba54e)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-680b8ba54e advisory. Release 1.6.7 - Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313) - Fix bug where HTML entities in URLs were not decoded on HTML to plain...

OpenCMS Cross-Site Scripting vulnerability

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user: with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the title field....

OpenCMS Cross-Site Scripting vulnerability

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user: with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the title field....

TYPO3 Broken Access Control in Import Module

It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which usually only is available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly...