CVE-2023-47115 Label Studio XSS Vulnerability on Avatar Upload

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

Nextcloud: Deck app allows to spoof file extensions by using RTLO characters

The Deck app was found to allow spoofing of file extensions by using RTLO characters...

CVE-2023-50982

Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because uploadaction and editaction in AdminSmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...

CVE-2023-52275

Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension...

Design/Logic Flaw

Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension...

IBM Planning Analytics Code Issue Vulnerability (CNVD-2024-01168)

IBM Planning Analytics is a suite of business planning analytics solutions from International Business Machines IBM. The solution supports automated execution of processes such as business planning, budgeting and analysis. A code issue vulnerability exists in IBM Planning Analytics version 2.0,...

CVE-2023-5673

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution...

PT-2023-32254 · WordPress · Wp Mail Log

Name of the Vulnerable Software and Affected Versions: WP Mail Log WordPress plugin versions prior to 1.1.3 Description: The issue allows attackers to upload PHP files due to improper validation of file extensions when uploading files to attach to emails, leading to remote code execution...

CVE-2023-42017

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the...

WP Mail Log < 1.1.3 – Contributor+ Arbitrary File Upload to RCE

Description The plugin does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. PoC Run the following JS code in any page on the server, setting the id variable to a valid ID of a log entry on the...

Unrestricted file upload

KnowBand supercheckout 5.0.7 and 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" supercheckout, a guest can upload files with extensions .php...

CVE-2023-4819 Shared Files < 1.7.6 - Unauthenticated Stored Cross-Site Scripting

The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts...

RLSA-2023:4954 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fixes: Mozilla: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Mozilla: Memory corruption in IPC ColorPickerShownCallback CVE-2023-4574 Mozilla: Memory corruption...

Updated firefox/thunderbird packages fix security vulnerability

Use-after-free in workers. CVE-2023-3600 File Extension Spoofing using the Text Direction Override Character. CVE-2023-3417 Offscreen Canvas could have bypassed cross-origin restrictions. CVE-2023-4045 Incorrect value used during WASM compilation. CVE-2023-4046 Potential permissions request bypas...

MGASA-2023-0266 Updated firefox/thunderbird packages fix security vulnerability

Use-after-free in workers. CVE-2023-3600 File Extension Spoofing using the Text Direction Override Character. CVE-2023-3417 Offscreen Canvas could have bypassed cross-origin restrictions. CVE-2023-4045 Incorrect value used during WASM compilation. CVE-2023-4046 Potential permissions request bypas...

CVE-2023-4480

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write fil...

CVE-2023-4480 Arbitrary File Read in Fusion File Manager

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write fil...

CVE-2023-4480 Arbitrary File Read in Fusion File Manager

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write fil...

FIRESHOP Advanced CMS 2.3 Arbitrary File Upload

==================================================================================================================================== | Title : FIRESHOP Advanced CMS v2.3 unrestricted file upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

Arbitrary file upload

Description Due to lack of file extension validation, privileged user administrator can upload arbitrary files with "update logo" and "update icon" features. The application uses the extension provided in the filename parameter. Proof of Concept POST /admin/default/jqadm/save/settings?locale=en...