Lucene search
+L

1409 matches found

BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.9 views

The vulnerability of the database update module of the Engineering Data and Product Lifecycle Management System LOCMAN:PLM, related to unlimited loading of dangerous type files, allows a perpetrator to execute arbitrary code.

The vulnerability of the database update module of the LOCsman:PLM engineering data and product lifecycle management system is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow attackers to execute arbitrary code by replacing the wsock32.dll library with...

6.8CVSS6AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.26 views

The vulnerability of the database update module of the WorkFlow system in the Engineering Data Management and Product Lifecycle Management system LOCMAN:PLM lies in the possibility of unlimited loading of dangerous files, allowing attackers to execute arbitrary code.

The vulnerability of the database update module of the LOCsman:PLM engineering data and product lifecycle management system is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow an attacker to execute arbitrary code by replacing the dll library version.dl...

6.8CVSS6AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.8 views

The vulnerability of the update display module of the engineering data management system and the product lifecycle management system LOCMAN, related to unlimited loading of dangerous type files, allows a perpetrator to execute arbitrary code.

The vulnerability of the update display module of the engineering data management and product lifecycle management system LOCsMAN:PLM is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows an attacker to execute arbitrary code by replacing the dll library e.g...

6.8CVSS6AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.9 views

The vulnerability of the database update module of the Engineering Data and Product Lifecycle Management System LOCMAN:PLM, related to unlimited loading of dangerous type files, allows a perpetrator to execute arbitrary code.

The vulnerability of the Active Business Process Automation Module of LOCsMAN WorkFlow Audit Service is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow attackers to execute arbitrary code by replacing the dll library e.g., msimg32.dll in the...

6.8CVSS6AI score
Exploits0Affected Software1
OSV
OSV
added 2021/06/01 2:15 p.m.4 views

CVE-2021-29092

Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors...

8.8CVSS7.6AI score0.01746EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/05/31 4:9 a.m.3 views

CVE-2021-29092

Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors...

8.8CVSS8.6AI score0.01746EPSS
Exploits0References2
Gitee
Gitee
added 2021/05/16 4:14 p.m.27 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat

PoC exploit for CVE-2017-12617, CVE-2017-12618, CVE-2017-12619, CVE-2017-12620, CVE-2017-12621, CVE-2017-12622, CVE-2017-12623, CVE-2017-12624, CVE-2017-12625, CVE-2017-12626, CVE-2017-12627, CVE-2017-12628, CVE-2017-12629, CVE-2017-12630, CVE-2017-12631, CVE-2017-12632, CVE-2017-12633,...

10CVSS7AI score0.99988EPSS
Exploits52
Gitee
Gitee
added 2021/04/27 2:33 p.m.19 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat

PoC exploit for CVE-2017-12617, CVE-2017-12618, CVE-2017-12619, CVE-2017-12620, CVE-2017-12621, CVE-2017-12622, CVE-2017-12623, CVE-2017-12624, CVE-2017-12625, CVE-2017-12626, CVE-2017-12627, CVE-2017-12628, CVE-2017-12629, CVE-2017-12630, CVE-2017-12631, CVE-2017-12632, CVE-2017-12633,...

10CVSS7AI score0.99988EPSS
Exploits52
VulnCheck KEV
VulnCheck KEV
added 2021/04/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-20022

SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and...

9.8CVSS7.1AI score0.83425EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/03/25 12:0 a.m.5 views

NOKIA NetAct 18A 代码问题漏洞

NOKIA NetAct 18A is an application system from Nokia Finland. It provides best-in-class applications to enable seamless day-to-day network operations, including configuration management, monitoring and software management. A security vulnerability exists in Nokia NetAct 18A, which can be exploite...

6.5CVSS6.6AI score0.01437EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2021/03/21 12:0 a.m.7 views

The vulnerability of the rebuildAggregateFrames function in the library for reading and modifying metadata in audio files from TagLib allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the rebuildAggregateFrames function in the library for reading and modifying metadata in audio files from TagLib is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its...

8.8CVSS6.6AI score0.02207EPSS
Exploits0References9Affected Software3
Positive Technologies
Positive Technologies
added 2021/03/19 12:0 a.m.5 views

PT-2021-3982 · WordPress · Woocommerce Stock Manager

Name of the Vulnerable Software and Affected Versions: WooCommerce Stock Manager versions up to, and including, 2.5.7 Description: The issue is related to the implementation of the import/export functionality in the WooCommerce Stock Manager plugin for WordPress, specifically in the...

8.8CVSS8.7AI score0.00719EPSS
Exploits2References6
OSV
OSV
added 2021/01/26 6:16 p.m.5 views

CVE-2021-22697

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software V2.1.13 and prior that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed...

7.8CVSS6.3AI score0.0347EPSS
Exploits0References3
Prion
Prion
added 2021/01/26 6:16 p.m.19 views

Design/Logic Flaw

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software V2.1.13 and prior that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed...

6.8CVSS8AI score0.0347EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2020/10/08 12:0 a.m.22 views

Telegram Desktop <= 2.1.13 Protection Mechanism Bypass Vulnerability - Windows

Telegram Desktop is prone to a protection mechanism bypass vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.8CVSS7.6AI score0.02281EPSS
Exploits0References1
Gitee
Gitee
added 2020/10/07 5:1 p.m.9 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat

No description...

8.1CVSS7AI score0.99607EPSS
Exploits18
Prion
Prion
added 2020/09/04 8:15 p.m.26 views

Unrestricted file upload

Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands...

9CVSS7.2AI score0.01981EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2020/08/11 5:15 p.m.3 views

DEBIAN-CVE-2020-17448

Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension...

7.8CVSS7.4AI score0.02281EPSS
Exploits0References1
OSV
OSV
added 2020/08/11 5:15 p.m.22 views

CVE-2020-17448

Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension...

7.8CVSS6.9AI score0.02281EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/07/28 8:31 p.m.24 views

CVE-2020-11476

Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file...

6.9AI score0.02936EPSS
Exploits1References4
Rows per page
Query Builder