Lucene search
+L

12 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2013-7256

Malware in sbrugna...

9.3CVSS6.4AI score0.01838EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2025/07/31 2:56 p.m.6 views

CVE-2013-10034

An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and...

9.3CVSS6.7AI score0.01838EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2025/04/04 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-2075

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to addrole and userrole functions missing proper capability checks performed through the...

8.8CVSS5.8AI score0.02474EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2024/01/12 10:44 p.m.63 views

Detect and Manage the Risk of Apache Struts (CVE-2023-50164) Comprehensively

Introduction In the vast landscape of cybersecurity, staying vigilant against potential threats is crucial. A critical vulnerability that surfaced recently is CVE-2023-50164, affecting Apache Struts 2, a widely used open-source framework for Java development. This path traversal vulnerability,...

7.5CVSS10AI score0.80819EPSS
Exploits15
Tenable Nessus
Tenable Nessus
added 2024/01/07 12:0 a.m.53 views

Adobe Experience Manager 6.0.0.0 < 6.5.19.1 Arbitrary code execution (APSB23-77)

The version of Adobe Experience Manager installed on the remote host is prior to 6.5.19.1. It is, therefore, affected by a vulnerability as referenced in the APSB23-77 advisory. - An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to...

9.8CVSS8.7AI score0.80819EPSS
Exploits15References2
Qualys Blog
Qualys Blog
added 2023/12/26 2:6 p.m.38 views

Yet Another Apache Struts 2 Vulnerability – CVE-2023-50164

Apache Struts is a popular open-source web application framework used to develop MVC-based web applications. The widespread adoption of the Apache Struts framework has resulted in the related applications being targeted by malicious actors over the years. The popularity of the framework results i...

7.5CVSS8.1AI score0.80819EPSS
Exploits15
Saint
Saint
added 2023/12/20 12:0 a.m.164 views

Apache Struts file upload directory traversal

Added: 12/20/2023 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A directory traversal vulnerability in Apache...

9.8CVSS9.8AI score0.80819EPSS
Exploits15
OSV
OSV
added 2023/12/07 9:30 a.m.2 views

GHSA-2J39-QCJM-428W Apache Struts vulnerable to path traversal

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...

9.8CVSS7.2AI score0.80819EPSS
Exploits15References10
Prion
Prion
added 2023/12/07 9:15 a.m.35 views

Design/Logic Flaw

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...

7.5CVSS7.3AI score0.80819EPSS
Exploits15References4Affected Software1
NCSC
NCSC
added 2023/12/07 12:0 a.m.8 views

Vulnerability fixed in Apache Struts

Apache Foundation has fixed a vulnerability in Struts. A malicious person with rights to upload files can exploit the exploit the vulnerability to upload a rogue file to potentially potentially execute or cause to be executed arbitrary code within the application using Struts. Apache Foundation h...

9.8CVSS9.5AI score0.80819EPSS
Exploits15
Positive Technologies
Positive Technologies
added 2023/03/13 12:0 a.m.5 views

PT-2023-20398 · Lucian Apostol · Auto Affiliate Links

Name of the Vulnerable Software and Affected Versions: Lucian Apostol Auto Affiliate Links plugin versions = 6.3.0.2 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actio...

8.8CVSS8.8AI score0.00248EPSS
Exploits0References3
0day.today
0day.today
added 2013/11/19 12:0 a.m.32 views

Kaseya 6.3.0.2 - Arbitrary File Upload Vulnerability

Kaseya version 6.3.0.2 suffers from a remote shell upload vulnerability. Kaseya 6.3.0.2 Shell Upload Vulnerability +-----------+ |Description| +-----------+ Kaseya 6.3 suffers from an Arbitrary File Upload vulnerability that can be leveraged to gain remote code execution on the Kaseya server. The...

7.2AI score
Exploits0
Rows per page
Query Builder