PT-2024-34521 · Snipe-It · Snipe-It
Name of the Vulnerable Software and Affected Versions: Snipe-IT version 7.0.13 Description: A Stored Cross-Site Scripting (XSS) issue allows an attacker to upload a malicious XML file containing JavaScript code, potentially leading to privilege escalation when the payload is executed. This could...
Rupee Invoice System 1.0 Arbitrary File Upload
Title : Rupee Invoice System v1.0 Remote File Upload Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox...
CVE-2024-42375
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, which could then be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...
CVE-2024-41731
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, which could then be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...
SAP BusinessObjects Business Intelligence Platform Code Issue Vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and quickly and...
SAP BusinessObjects Business Intelligence Platform Security Vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and quickly and...
CVE-2024-5080
The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server...
VulnCheck KEV: CVE-2024-4620
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...
ArForms < 6.6 - Unauthenticated RCE
Description: The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form. PoC: 1. Create a form with an upload input. 2. As an unauthenticated user, upload an image file and intercept the request. 3...
PT-2024-12309 · Opentext · Opentext Documentum D2
Name of the Vulnerable Software and Affected Versions: OpenText Documentum D2 versions 16.5.1 through CE 23.2 Description: The issue allows the upload of arbitrary code, which can then be executed on the client's computer. This could potentially lead to malicious activities. Recommendations: For...
OpenText Documentum D2 Security Vulnerability
OpenText Documentum D2 is a component of an Enterprise Content Management (ECM) solution from OpenText. A security vulnerability exists in OpenText Documentum D2 versions 16.5.1 through CE 23.2. An attacker can exploit the vulnerability to upload arbitrary code and execute code on a client computer...
PT-2023-13352 · Rws · Rws Worldserver
Name of the Vulnerable Software and Affected Versions: RWS WorldServer versions prior to 11.7.3 Description: An issue was discovered in RWS WorldServer where adding a token parameter with the value of 02 bypasses all authentication requirements. This allows arbitrary Java code to be uploaded and...
CVE-2023-0757 Phoenix Contact ProConOS prone to Incorrect Permission Assignment for Critical Resource
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device...
CVE-2023-49296
The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...
GLPI Injection Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
Saad Irfan RemoteClinic Security Vulnerability
Saad Irfan RemoteClinic is an open source application from Saad Irfan that provides the ability to remotely manage your clinic via the web. A security vulnerability exists in RemoteClinic version 2.0, which stems from a lack of input validation and access control in the staff/register.php endpoint and the...
PT-2023-7877 · Phoenix Contact · Phoenix Contact Multiprog +1
Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK affected versions not specified Description: The issue is related to an Incorrect Permission Assignment for Critical Resource, which allows an unauthenticated remote attacker to...
PHOENIX CONTACT ProConOS/ProConOS eCLR Security Vulnerability
PHOENIX CONTACT ProConOS/ProConOS eCLR is a series of embedded automation devices from PHOENIX CONTACT, Germany. A security vulnerability exists in the PHOENIX CONTACT ProConOS/ProConOS eCLR, which stems from an incorrect assignment of critical resource privileges that allows an unauthenticated,...
PT-2023-19678 · Sap · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform CMC versions 420, 430 Description: The issue allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, ...
CVE-2022-3575
Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device...