109 matches found
Weseek GROWI 路径遍历漏洞
GROWI is a team collaboration software. A directory traversal vulnerability exists in WESEEK GROWI, which can be exploited by remote attackers to alter data by uploading specially crafted files...
Cisco IOS XE Command Injection Vulnerability (CNVD-2020-31962)
Cisco IOS XE is the United States Cisco Cisco company's set of operating system developed for its network equipment. A command injection vulnerability exists in the Web UI of the Cisco IOS XE Software, which arises from the program not properly cleaning up input. The vulnerability can be exploite...
CVE-2020-3212
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this...
CVE-2020-3302
A vulnerability in the web UI of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to overwrite files on the file system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
CVE-2019-1443
An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The...
Design/Logic Flaw
In Hunesion i-oneNet version 3.0.7 3.0.53 and 4.0.4 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update...
CVE-2019-9624
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI...
CVE-2018-20149
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data...
CVE-2015-5457
PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php...