1410 matches found
CVE-2021-40870
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal...
PT-2021-7652
Name of the Vulnerable Software and Affected Versions Aviatrix Controller versions 6.x through 6.5-1804.1921 Description The issue is related to an unrestricted upload of a file with a dangerous type, allowing an unauthenticated user to execute arbitrary code via directory traversal. This can be...
CVE-2020-19138
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java"...
CVE-2020-19138
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java"...
The vulnerability of the Pulse Connect Secure corporate network VPN server, related to the unlimited download of dangerous types of files, allows a hacker to execute arbitrary code.
The vulnerability of the Pulse Connect Secure corporate network VPN server is related to the unlimited download of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by downloading a specially created archive through the web administrator interface...
CVE-2021-33884
An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the webpage API. This can result in critical files being overwritten...
The vulnerability of the File Manager plugin (wp-file-manager) of the WordPress content management system allows a hacker to execute arbitrary PHP code on the target system.
The vulnerability of the File Manager plugin wp-file-manager in the WordPress content management system is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability allows a malicious actor to execute any PHP code on the target system remotely...
PYSEC-2021-336
Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'...
Unrestricted file upload
Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'...
CVE-2020-18704
CVE-2020-18704 affects Django-Widgy v0.8.4 . The issue is an unrestricted upload of a file with a dangerous type via the image widget in the component “Change Widgy Page” , which can allow remote attackers to execute arbitrary code. The provided documents do not include specific exploitation deta...
Micro Focus SUSE Linux Enterprise Server 后置链接漏洞
Micro Focus SUSE Linux Enterprise Server is a suite of enterprise server edition Linux operating systems from Micro Focus in the United Kingdom. A security vulnerability exists in Micro Focus SUSE Linux Enterprise Server, which stems from potentially dangerous file system operations in...
Exploit for Unrestricted Upload of File with Dangerous Type in Pi-Hole
PoC exploit for CVE-2020-11108; an RCE and privilege escalation in Pi-hole. The exploit targets Pi-hole = 4.4 and must be run with root privileges. The primary entry point is the cve-2020-11108-rce.py script, which will give a shell as the www-data user, and the root-cve-2020-11108-rce.py script,...
CVE-2021-29699
IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600...
Design/Logic Flaw
IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600...
The system’s vulnerability regarding data collection and automation process control in ScadaBR, related to unlimited loading of dangerous type files, allows a intruder to execute arbitrary code.
The vulnerability of the ScadaBR system for data collection and automation process control is related to the unlimited loading of dangerous type files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file named viewedit.shtm...
The vulnerability of the elFinder file manager stems from the incorrect implementation of authentication mechanisms, allowing attackers to execute arbitrary code.
The vulnerability of the elFinder file manager is related to the unlimited loading of files of a dangerous type. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created .phar file...
Exploit for Unrestricted Upload of File with Dangerous Type in Intelliants Subrion_Cms
CVE-2018-19422-SubrionCMS-RCE SubrionCMS 4.2.1 Authenticated...
Exploit for Unrestricted Upload of File with Dangerous Type in Intelliants Subrion_Cms
CVE-2018-19422-SubrionCMS-RCE SubrionCMS 4.2.1 Authenticated...
PT-2021-3504
Name of the Vulnerable Software and Affected Versions OpenPLC ScadaBR versions through 0.9.1 on Linux OpenPLC ScadaBR versions through 1.12.4 on Windows Description The ScadaBR system, designed for data collection and process automation control, is affected by multiple issues. One issue involves...
The vulnerability of the database update module of the Engineering Data and Product Lifecycle Management System LOCMAN:PLM, related to unlimited loading of dangerous type files, allows a perpetrator to execute arbitrary code.
The vulnerability of the Active Business Process Automation Module of LOCsMAN WorkFlow Audit Service is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow attackers to execute arbitrary code by replacing the dll library e.g., msimg32.dll in the...