109 matches found
CVE-2025-25015
Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions = 8.15.0 and 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2 , this is only exploitable by users tha...
CVE-2025-25015 Kibana arbitrary code execution via prototype pollution
Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions = 8.15.0 and 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2 , this is only exploitable by users tha...
CVE-2025-25766
An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file...
CVE-2025-25766
An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file...
CVE-2024-55078
An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file...
Blackboard Learn 安全漏洞
Blackboard Learn is a learning management system from Blackboard, Inc. A security vulnerability exists in Blackboard Learn version 2.0.0.2 and earlier, which stems from an arbitrary file upload vulnerability in the UserSusername.BlackBoard component that allows an attacker to execute arbitrary co...
CVE-2024-44871
CVE-2024-44871 affects moziloCMS v3.0. An arbitrary file upload vulnerability exists in the /admin/index.php component that enables an authenticated attacker to achieve arbitrary code execution by uploading a crafted file (e.g., a JPG) and renaming it to PHP via the admin interface. Multiple sour...
CVE-2024-40551
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40549
PublicCMS v4.0.202302.e is affected by CVE-2024-40549 due to an arbitrary file upload vulnerability in the /admin/cmsTemplate/savePlace component, which can allow an attacker to execute arbitrary code via a crafted file. The CVE is documented across multiple feeds (NVD, Red Hat, CNNVD, OSV, etc.)...
CVE-2024-40545
CVE-2024-40545 affects PublicCMS v4.0.202302.e, with an arbitrary file upload vulnerability in the /admin/cmsWebFile/doUpload component that can allow arbitrary code execution through a crafted file. Public details show high impact (C/H/I/A) and are supported by multiple sources (NVD/CNA) with CV...
CVE-2024-34832
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the g and node parameters...
CVE-2024-36858
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...
Serendipity 2.5.0 - Remote Code Execution Exploit
Exploit Title: Serendipity 2.5.0 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: https://docs.s9y.org/ Software Link:https://www.s9y.org/latest Tested Version: v2.5.0 latest Tested on: MacOS import requests import time import random import string from bs4 import...
Desdev DedeCMS 安全漏洞
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS from China's Zhuozhuo Network Desdev. The system features content publishing, content management, content editing and content retrieval. A security vulnerability exists in DedeCMS versi...
inxedu 安全漏洞
Inxedu inxedu is a set of open source online education platform from China's Inxu Times Inxedu company. The platform includes an online school system, a live streaming system, an exam system and a marketing website. A security vulnerability exists in inxedu v2024.4. An attacker can exploit the...
Open eClass Platform Security Vulnerability
Open eClass Platform is an integrated course management system for Open eClass. A security vulnerability exists in Greek Universities Network Open eClass v.3.15 and earlier versions, which originates from a vulnerability that allows an attacker to run arbitrary code by uploading a crafted file to...
CVE-2024-28424
zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpicklematerializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...
PT-2024-22428 · Greykite · Greykite
Name of the Vulnerable Software and Affected Versions: greykite version 1.0.0 Description: The issue allows attackers to execute arbitrary code via uploading a crafted file, exploiting an arbitrary file upload vulnerability in the load obj function at /templates/pickle utils.py. Recommendations:...
PT-2024-21409 · Greek Universities Network · Open Eclass
Name of the Vulnerable Software and Affected Versions: Greek Universities Network Open eClass versions 3.15 and earlier Description: The issue allows attackers to run arbitrary code via the upload of a crafted file to the "certbadge.php" endpoint. This enables potential exploitation for malicious...
python-werkzeug: high resource consumption leading to denial of service
A resource consumption flaw was found in python-werkzeug. If a specially crafted file is uploaded by a remote attacker, it may cause a denial of service...