Lucene search
+L

1410 matches found

OSV
OSV
added 2021/09/13 8:15 a.m.2 views

CVE-2021-40870

An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal...

9.8CVSS7.6AI score0.93019EPSS
Exploits5References4
Positive Technologies
Positive Technologies
added 2021/09/13 12:0 a.m.6 views

PT-2021-7652

Name of the Vulnerable Software and Affected Versions Aviatrix Controller versions 6.x through 6.5-1804.1921 Description The issue is related to an unrestricted upload of a file with a dangerous type, allowing an unauthenticated user to execute arbitrary code via directory traversal. This can be...

10CVSS10AI score0.93019EPSS
Exploits5References20
NVD
NVD
added 2021/09/08 9:15 p.m.22 views

CVE-2020-19138

Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java"...

10CVSS0.05741EPSS
Exploits1References1
OSV
OSV
added 2021/09/08 9:15 p.m.12 views

CVE-2020-19138

Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java"...

9.8CVSS8AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/08/31 12:0 a.m.12 views

The vulnerability of the Pulse Connect Secure corporate network VPN server, related to the unlimited download of dangerous types of files, allows a hacker to execute arbitrary code.

The vulnerability of the Pulse Connect Secure corporate network VPN server is related to the unlimited download of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by downloading a specially created archive through the web administrator interface...

9CVSS8.2AI score0.07828EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/08/25 12:15 p.m.7 views

CVE-2021-33884

An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the webpage API. This can result in critical files being overwritten...

9.1CVSS7.6AI score0.00984EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2021/08/24 12:0 a.m.8 views

The vulnerability of the File Manager plugin (wp-file-manager) of the WordPress content management system allows a hacker to execute arbitrary PHP code on the target system.

The vulnerability of the File Manager plugin wp-file-manager in the WordPress content management system is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability allows a malicious actor to execute any PHP code on the target system remotely...

10CVSS8.2AI score0.97328EPSS
Exploits14References10Affected Software1
PyPA
PyPA
added 2021/08/16 6:15 p.m.6 views

PYSEC-2021-336

Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'...

9.8CVSS8AI score0.0289EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/08/16 6:15 p.m.17 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'...

7.5CVSS9.7AI score0.0289EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/08/16 5:56 p.m.127 views

CVE-2020-18704

CVE-2020-18704 affects Django-Widgy v0.8.4 . The issue is an unrestricted upload of a file with a dangerous type via the image widget in the component “Change Widgy Page” , which can allow remote attackers to execute arbitrary code. The provided documents do not include specific exploitation deta...

9.8CVSS9.7AI score0.0289EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/07/28 12:0 a.m.6 views

Micro Focus SUSE Linux Enterprise Server 后置链接漏洞

Micro Focus SUSE Linux Enterprise Server is a suite of enterprise server edition Linux operating systems from Micro Focus in the United Kingdom. A security vulnerability exists in Micro Focus SUSE Linux Enterprise Server, which stems from potentially dangerous file system operations in...

7.1CVSS7AI score0.00296EPSS
Exploits1References2
Gitee
Gitee
added 2021/07/23 4:44 p.m.5 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pi-Hole

PoC exploit for CVE-2020-11108; an RCE and privilege escalation in Pi-hole. The exploit targets Pi-hole = 4.4 and must be run with root privileges. The primary entry point is the cve-2020-11108-rce.py script, which will give a shell as the www-data user, and the root-cve-2020-11108-rce.py script,...

9CVSS8.6AI score0.78262EPSS
Exploits17
OSV
OSV
added 2021/07/15 6:15 p.m.6 views

CVE-2021-29699

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600...

6.8CVSS6.8AI score0.00936EPSS
Exploits0References2
Prion
Prion
added 2021/07/15 6:15 p.m.25 views

Design/Logic Flaw

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600...

6CVSS6.5AI score0.00936EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/07/13 12:0 a.m.10 views

The system’s vulnerability regarding data collection and automation process control in ScadaBR, related to unlimited loading of dangerous type files, allows a intruder to execute arbitrary code.

The vulnerability of the ScadaBR system for data collection and automation process control is related to the unlimited loading of dangerous type files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file named viewedit.shtm...

8.8CVSS8.3AI score0.39096EPSS
Exploits8References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/29 12:0 a.m.7 views

The vulnerability of the elFinder file manager stems from the incorrect implementation of authentication mechanisms, allowing attackers to execute arbitrary code.

The vulnerability of the elFinder file manager is related to the unlimited loading of files of a dangerous type. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created .phar file...

8.1CVSS8.2AI score0.19083EPSS
Exploits1References6Affected Software1
GithubExploit
GithubExploit
added 2021/06/14 1:50 a.m.46 views

Exploit for Unrestricted Upload of File with Dangerous Type in Intelliants Subrion_Cms

CVE-2018-19422-SubrionCMS-RCE SubrionCMS 4.2.1 Authenticated...

7.2CVSS8.7AI score0.64261EPSS
Exploits10
GithubExploit
GithubExploit
added 2021/06/14 1:50 a.m.72 views

Exploit for Unrestricted Upload of File with Dangerous Type in Intelliants Subrion_Cms

CVE-2018-19422-SubrionCMS-RCE SubrionCMS 4.2.1 Authenticated...

7.2CVSS8.7AI score0.64261EPSS
Exploits10
Positive Technologies
Positive Technologies
added 2021/06/11 12:0 a.m.5 views

PT-2021-3504

Name of the Vulnerable Software and Affected Versions OpenPLC ScadaBR versions through 0.9.1 on Linux OpenPLC ScadaBR versions through 1.12.4 on Windows Description The ScadaBR system, designed for data collection and process automation control, is affected by multiple issues. One issue involves...

8.8CVSS7.3AI score0.4805EPSS
Exploits9References28
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.9 views

The vulnerability of the database update module of the Engineering Data and Product Lifecycle Management System LOCMAN:PLM, related to unlimited loading of dangerous type files, allows a perpetrator to execute arbitrary code.

The vulnerability of the Active Business Process Automation Module of LOCsMAN WorkFlow Audit Service is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow attackers to execute arbitrary code by replacing the dll library e.g., msimg32.dll in the...

6.8CVSS6AI score
Exploits0Affected Software1
Rows per page
Query Builder