40 matches found
CVE-2026-32867 OPEXUS eComplaint unauthenticated file upload
OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage...
CVE-2018-25176
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...
CVE-2025-66908
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormDatacontentType =...
CVE-2023-53889
Perch CMS 3.2 is affected by a remote code execution through an unrestricted file upload in the assets management interface. Authenticated administrators can upload arbitrary PHP files (e.g., a .phar with embedded system command execution) to run commands on the server. Root cause: improper valid...
CVE-2025-27714
An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise...
CVE-2025-24489
An attacker could exploit this vulnerability by uploading arbitrary files via a specific service, which could lead to system compromise...
OpenPLC Runtime version 3 代码问题漏洞
OpenPLC Runtime version 3 is a programmable logic controller by the individual developer Thiago Alves. A code issue vulnerability exists in OpenPLC Runtime version 3 that originates from allowing an authenticated user to upload arbitrary files and access them publicly...
CVE-2024-31214 Traccar's unrestricted file upload vulnerability in device image upload could lead to remote code execution
Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file...
CVE-2023-48245
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...
ROS-20231109-02
Vulnerability in GLPI's request and incident handling system is related to information disclosure. Exploitation exploitation of the vulnerability could allow a remote attacker to obtain user logins. GLPI request and incident handling system vulnerability related to the lack of path filtering by...
Alteryx Server Cross-Site Scripting Vulnerability
Alteryx Server is a cloud-hosted or self-hosted application from Alteryx, Inc. for publishing, sharing, and executing workflows. A cross-site scripting vulnerability exists in Alteryx Server version 2022.1.1.42590, which stems from not performing type validation on uploaded files, allowing an...
CVE-2023-3486 PaperCut NG Unauthenticated File Upload
An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected...
Cross site scripting
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this adviso...
Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 27 Multiple Vulnerabilities
According to its self-reported version number, Zimbra Collaboration Server is affected by a multiple vulnerabilities: including the following: - An attacker can upload arbitrary files through amavisd via a cpio loophole that can lead to incorrect access to any other user accounts. CVE-2022-41352 ...
Zimbra Collaboration Server 8.8.15 < 8.8.15 Patch 34 Multiple Vulnerabilities
According to its self-reported version number, Zimbra Collaboration Server is affected by a multiple vulnerabilities: including the following: - An attacker can upload arbitrary files through amavisd via a cpio loophole that can lead to incorrect access to any other user accounts. CVE-2022-41352 ...
CVE-2022-41352
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...
CVE-2020-25150 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute...
Newbee-mall code issue vulnerability
newbee-mall is an e-commerce system. newbee-mall v1.0.0 has a security vulnerability that can be exploited by attackers to upload arbitrary files via the upload function of /admin/goods/edit...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2021-34997
CVE-2021-34997 affects Commvault CommCell 11.22.22 (vulnerable versions include 11.22.x; fixed in 11.25+ per CNVD). Root cause: AppStudioUploadHandler validates user-supplied data inadequately, allowing arbitrary file uploads. This leads to remote code execution in the NETWORK SERVICE context. Ex...