165 matches found
Siemens SIMATIC WinCC (TIA Portal) Code Upload Vulnerability (SSA-121293)
Binary data scadasiemenstiawinccssa-121293.nbin...
Multiple Siemens Products Code Upload Vulnerability
Siemens SIMATIC PCS 7 and SIMATIC WinCC are both products of Siemens, Germany. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated SCADA system. SIMATIC WinCC is one of the data analysis and display components. SIMATIC WinCC is an automated data acquisition and monitoring SCADA...
CVE-2019-11568
An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type...
CVE-2019-8992
The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for...
CVE-2018-16169
Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors...
Roxy Fileman File Upload Vulnerability
Roxy Fileman is a set of open source file browser for . A security vulnerability exists in the upload.php file in Roxy Fileman version 1.4.5. An attacker can exploit this vulnerability to upload shell code files to the server...
OCS Inventory NG ocsreports Shell Upload
Request 1 This request creates a temporary file containing PHP code in the /usr/share/ocsinventory-reports/ocsreports/a.php.a/ directory. POST /ocsreports/index.php?function=telepackage HTTP/1.1 Host: 192.168.5.135 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:61.0 Gecko/20100101...
Design/Logic Flaw
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and...
CVE-2018-17573
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and...
CVE-2018-17573
The CVE-2018-17573 entry concerns WordPress with the WP-Insert plugin (v2.4.2 and earlier) where an improper exposure/configuration of FCKeditor files (fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/co...
CVE-2018-16352
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used...
CVE-2018-16352
CVE-2018-16352 affects WeaselCMS 0.3.6. A vulnerability in index.php allows PHP code to be embedded at the end of a .png file when served as image/png, enabling a PHP code upload vulnerability. The CVE is documented across multiple sources (NVD, OSV, CVE lists). The connected documents provide th...
Remote Code Upload Vulnerability in Haiwell C10S0R(-e) PLCs
The C10S0R-e PLC is a product in the programmable logic controller (PLC) series of Xiamen Haiwei Technology Co. The Haiwell C10S0R-e PLC suffers from a remote code upload vulnerability that can be exploited by an attacker to upload arbitrary code via unauthorized construction of specific network packet...
CVE-2018-14399
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...
OpenSID Arbitrary File Upload Vulnerability
OpenSID is a village information management system developed by the SID community. An arbitrary file upload vulnerability exists in OpenSID version 18.06-pasca. An attacker can exploit this vulnerability to upload arbitrary PHP code with the help of an attached document in the article function...
Cross site scripting
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user...
CVE-2018-11564
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user...
Arbitrary File Download and Code Execution Vulnerability in Mycncartt v2.0.0.3
MyCnCart (MCC for short) is a free, open source B2C, B2B e-commerce platform system developed for the Chinese mainland market. Mycncartt v2.0.0.3 suffers from an arbitrary file download and code execution vulnerability, as the program does not make reasonable judgments and filters on the download...
Remote Code Upload Vulnerability in DCCE MAC1100 PLCs
The MAC1100 PLC (Programmable Logic Controller) is a product in the Dalian Computer Control (DCCE) programmable logic controller (PLC) series. A remote code upload vulnerability exists in the DCCE MAC1100 PLC. An attacker can exploit this vulnerability to construct malicious control code, remotely...