Lucene search

K

Enable SVG, WebP & ICO Upload Security Vulnerabilities

cve
cve

CVE-2024-37295

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2CVSS

7.2AI Score

0.0004EPSS

2024-06-11 03:16 PM
22
nvd
nvd

CVE-2024-37295

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2CVSS

0.0004EPSS

2024-06-11 03:16 PM
1
cvelist
cvelist

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2CVSS

0.0004EPSS

2024-06-11 02:38 PM
3
vulnrichment
vulnrichment

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2CVSS

7.5AI Score

0.0004EPSS

2024-06-11 02:38 PM
1
malwarebytes
malwarebytes

23andMe data breach under joint investigation in two countries

The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminals....

6.8AI Score

2024-06-11 11:38 AM
2
securelist
securelist

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,.....

10CVSS

9AI Score

0.0004EPSS

2024-06-11 08:00 AM
8
githubexploit
githubexploit

Exploit for CVE-2024-23692

CVE-2024-23692 BURP POC ``` GET...

9.8CVSS

7.1AI Score

0.002EPSS

2024-06-11 07:21 AM
219
mskb
mskb

Description of the security update for SharePoint Server Subscription Edition: June 11, 2024 (KB5002603)

Description of the security update for SharePoint Server Subscription Edition: June 11, 2024 (KB5002603) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...

7.8CVSS

8AI Score

0.001EPSS

2024-06-11 07:00 AM
2
nvd
nvd

CVE-2024-3723

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

5.3CVSS

0.0005EPSS

2024-06-11 06:15 AM
2
cve
cve

CVE-2024-3723

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

5.3CVSS

5.2AI Score

0.0005EPSS

2024-06-11 06:15 AM
22
cvelist
cvelist

CVE-2024-3723 Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

5.3CVSS

0.0005EPSS

2024-06-11 05:33 AM
1
cve
cve

CVE-2024-34683

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-11 03:15 AM
26
nvd
nvd

CVE-2024-34683

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

0.0004EPSS

2024-06-11 03:15 AM
4
vulnrichment
vulnrichment

CVE-2024-34683 Unrestricted file upload in SAP Document Builder (HTTP service)

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-11 02:08 AM
4
cvelist
cvelist

CVE-2024-34683 Unrestricted file upload in SAP Document Builder (HTTP service)

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

0.0004EPSS

2024-06-11 02:08 AM
4
wpvulndb
wpvulndb

ARMember < 4.0.28 - Directory Traversal via X-FILENAME

Description The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files (e.g., CSS) to directories outside the...

7.1AI Score

2024-06-11 12:00 AM
1
wpvulndb
wpvulndb

Upload Fields for WPForms <= 1.0.2 - Missing Authorization

Description The Upload Fields for WPForms – Drag and Drop Multiple File Upload, Image Upload, and Google Drive Upload for WPForms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.2. This makes it...

9.8CVSS

6.7AI Score

0.001EPSS

2024-06-11 12:00 AM
2
nessus
nessus

Debian dsa-5707 : libvlc-bin - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5707 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5707-1 [email protected] ...

7.3AI Score

2024-06-11 12:00 AM
wpvulndb
wpvulndb

Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure

Description The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data...

5.3CVSS

6.7AI Score

0.0005EPSS

2024-06-11 12:00 AM
wpvulndb
wpvulndb

Integrate Google Drive < 1.3.94 - Missing Authorization

Description The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and...

9.8CVSS

6.7AI Score

0.001EPSS

2024-06-11 12:00 AM
vulnrichment
vulnrichment

CVE-2024-36415 SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.1CVSS

7.7AI Score

0.001EPSS

2024-06-10 07:49 PM
cvelist
cvelist

CVE-2024-36415 SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.1CVSS

0.001EPSS

2024-06-10 07:49 PM
2
impervablog
impervablog

Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware

Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...

10CVSS

8AI Score

EPSS

2024-06-10 06:05 PM
25
nvd
nvd

CVE-2024-35746

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

9.8CVSS

0.001EPSS

2024-06-10 05:16 PM
5
cve
cve

CVE-2024-35746

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

10CVSS

9.6AI Score

0.001EPSS

2024-06-10 05:16 PM
26
vulnrichment
vulnrichment

CVE-2024-35746 WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

10CVSS

7.1AI Score

0.001EPSS

2024-06-10 04:34 PM
2
cvelist
cvelist

CVE-2024-35746 WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

10CVSS

0.001EPSS

2024-06-10 04:34 PM
10
nvd
nvd

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

0.0004EPSS

2024-06-10 03:15 PM
2
cve
cve

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

8AI Score

0.0004EPSS

2024-06-10 03:15 PM
21
veracode
veracode

Remote Code Execution (RCE)

aimeos/aimeos-core is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by improper file upload validation, allowing users with administrative privileges to upload files disguised as images but containing PHP code, which can then be executed in the context of the web...

7.9AI Score

2024-06-10 07:26 AM
4
cvelist
cvelist

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

0.0004EPSS

2024-06-10 12:00 AM
packetstorm

7.4AI Score

0.0004EPSS

2024-06-10 12:00 AM
69
cve
cve

CVE-2024-35661

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through...

9.8CVSS

5.4AI Score

0.001EPSS

2024-06-09 07:15 PM
23
nvd
nvd

CVE-2024-35661

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through...

9.8CVSS

0.001EPSS

2024-06-09 07:15 PM
4
cvelist
cvelist

CVE-2024-35661 WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through...

5.3CVSS

0.001EPSS

2024-06-09 06:33 PM
3
vulnrichment
vulnrichment

CVE-2024-35661 WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through...

5.3CVSS

7AI Score

0.001EPSS

2024-06-09 06:33 PM
nvd
nvd

CVE-2023-45188

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

6.5CVSS

0.0004EPSS

2024-06-09 01:15 PM
2
cve
cve

CVE-2023-45188

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-09 01:15 PM
22
cvelist
cvelist

CVE-2023-45188 IBM Engineering Lifecycle Optimization Publishing file upload

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

6.5CVSS

0.0004EPSS

2024-06-09 12:15 PM
vulnrichment
vulnrichment

CVE-2023-45188 IBM Engineering Lifecycle Optimization Publishing file upload

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

6.5CVSS

7.6AI Score

0.0004EPSS

2024-06-09 12:15 PM
1
githubexploit
githubexploit

Exploit for Logging of Excessive Data in Salesagility Suitecrm

CVE-2024-36416 Tool for validating CVE-2024-36416 Usage...

8.6CVSS

7.2AI Score

0.0005EPSS

2024-06-09 07:18 AM
17
githubexploit
githubexploit

Exploit for CVE-2023-22515

CVE-2023-22515 Тут описана логика эксплуатации уязвимости,...

9.8CVSS

9.8AI Score

0.973EPSS

2024-06-08 08:04 PM
73
githubexploit
githubexploit

Exploit for Path Traversal in Wso2 Api Manager

CVE-2022-29464 A preauth arbitrary file upload that leads...

9.8CVSS

9.8AI Score

0.973EPSS

2024-06-07 10:17 PM
105
osv
osv

aimeos-core arbitrary file uopload vulnerability

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...

7.4AI Score

0.0004EPSS

2024-06-07 09:31 PM
1
github
github

Duplicate Advisory: aimeos-core arbitrary file upload vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhc2-23c2-ww7c. This link is maintained to preserve external references. Original Description An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to...

7.3AI Score

0.0004EPSS

2024-06-07 09:31 PM
1
nvd
nvd

CVE-2024-36811

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...

0.0004EPSS

2024-06-07 07:15 PM
6
cve
cve

CVE-2024-36811

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...

7.4AI Score

0.0004EPSS

2024-06-07 07:15 PM
24
osv
osv

CVE-2024-36811

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...

7.8AI Score

0.0004EPSS

2024-06-07 07:15 PM
1
osv
osv

TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability....

7.1AI Score

2024-06-07 06:32 PM
4
github
github

TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability....

7.1AI Score

2024-06-07 06:32 PM
3
Total number of security vulnerabilities68757