12 matches found
EUVD-2013-7256
Malware in sbrugna...
CVE-2013-10034
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and...
VulnCheck KEV: CVE-2025-2075
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to addrole and userrole functions missing proper capability checks performed through the...
Detect and Manage the Risk of Apache Struts (CVE-2023-50164) Comprehensively
Introduction In the vast landscape of cybersecurity, staying vigilant against potential threats is crucial. A critical vulnerability that surfaced recently is CVE-2023-50164, affecting Apache Struts 2, a widely used open-source framework for Java development. This path traversal vulnerability,...
Adobe Experience Manager 6.0.0.0 < 6.5.19.1 Arbitrary code execution (APSB23-77)
The version of Adobe Experience Manager installed on the remote host is prior to 6.5.19.1. It is, therefore, affected by a vulnerability as referenced in the APSB23-77 advisory. - An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to...
Yet Another Apache Struts 2 Vulnerability – CVE-2023-50164
Apache Struts is a popular open-source web application framework used to develop MVC-based web applications. The widespread adoption of the Apache Struts framework has resulted in the related applications being targeted by malicious actors over the years. The popularity of the framework results i...
Apache Struts file upload directory traversal
Added: 12/20/2023 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A directory traversal vulnerability in Apache...
GHSA-2J39-QCJM-428W Apache Struts vulnerable to path traversal
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...
Design/Logic Flaw
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...
Vulnerability fixed in Apache Struts
Apache Foundation has fixed a vulnerability in Struts. A malicious person with rights to upload files can exploit the exploit the vulnerability to upload a rogue file to potentially potentially execute or cause to be executed arbitrary code within the application using Struts. Apache Foundation h...
PT-2023-20398 · Lucian Apostol · Auto Affiliate Links
Name of the Vulnerable Software and Affected Versions: Lucian Apostol Auto Affiliate Links plugin versions = 6.3.0.2 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actio...
Kaseya 6.3.0.2 - Arbitrary File Upload Vulnerability
Kaseya version 6.3.0.2 suffers from a remote shell upload vulnerability. Kaseya 6.3.0.2 Shell Upload Vulnerability +-----------+ |Description| +-----------+ Kaseya 6.3 suffers from an Arbitrary File Upload vulnerability that can be leveraged to gain remote code execution on the Kaseya server. The...