CVE-2015-10105 IP Blacklist Cloud Plugin CSV File Import ip_blacklist_cloud.php valid_js_identifier path traversal
A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It i...
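The entry above only says that the filename argument of the CSV import reaches the filesystem unsanitised. The added example below is not the plugin's code and does not reproduce its logic; it shows the generic shape of the bug and a fix in Python. The UPLOAD_ROOT directory, the function names and the sample filenames are all assumptions made for the demo.

```python
import os
from typing import Optional

# Assumed import directory for this demo; the plugin's real layout is not on the page.
UPLOAD_ROOT = "/var/www/uploads"


def naive_import_path(filename: str) -> str:
    """The unsafe pattern: a request-supplied filename is joined onto the import
    directory as-is. '../' segments walk out of the directory, and an absolute
    filename makes os.path.join discard UPLOAD_ROOT entirely."""
    return os.path.normpath(os.path.join(UPLOAD_ROOT, filename))


def safe_import_path(filename: str, root: str = UPLOAD_ROOT) -> Optional[str]:
    """Return the resolved path for a CSV import, or None if the name is not
    acceptable. Two independent controls: reduce the name to a single path
    component (a CSV upload never needs a directory), then confirm the resolved
    result is still inside the root, which also catches symlinks planted inside it."""
    if not filename or "\x00" in filename:
        return None
    # Normalise Windows separators first so basename() cannot be fooled by '..\'.
    name = os.path.basename(filename.replace("\\", "/"))
    if name in ("", ".", "..") or not name.lower().endswith(".csv"):
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    for probe in ("blocklist.csv", "../../../etc/passwd", "/etc/passwd", "..\\..\\x.csv"):
        print(f"{probe!r:28} naive={naive_import_path(probe)!r:24} safe={safe_import_path(probe)!r}")
```

The extension check is not the real control here (an attacker can name a file `x.csv` anywhere); the containment check after realpath() is, and it has to run on the resolved path, not on the string the client sent.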
GHSA-j3rg-3rgm-537h Directus vulnerable to Server-Side Request Forgery On File Import
Summary: Directus versions <= 9.22.4 are vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to /files/import). An attacker can bypass the security controls that were implemented to patch vulnerability CVE-2022-23080 by performing a DNS rebinding attack a...
CVE-2023-26492 Directus vulnerable to Server-Side Request Forgery On File Import
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to /files/import). An attacker can bypass the security controls by performing a DNS rebinding attack and...
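The Directus entries describe a check-then-use gap: the import endpoint resolves the hostname and rejects internal addresses, then hands the original URL to an HTTP client, which resolves the name a second time. With an attacker-controlled zone at TTL 0, the second answer can be loopback or a cloud metadata address. The added example below is not Directus code; it models both lookups with a constructed resolver so the gap is visible offline, then shows the fix (resolve once, connect to the checked address, send the name only as the Host header). The hostname import.attacker.example, the public address 93.184.216.34 and the helper names are assumptions for the demo.

```python
import ipaddress
from urllib.parse import urlsplit


def is_public_ip(ip: str) -> bool:
    """Reject loopback, RFC 1918, link-local (169.254.0.0/16, where cloud
    metadata services live), multicast, reserved and unspecified addresses."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


class RebindingResolver:
    """Constructed stand-in for the attacker's authoritative DNS server with a
    TTL of 0: the first lookup answers with a public address so the import
    check passes; every later lookup answers with an internal one."""

    def __init__(self, first_answer: str, later_answer: str):
        self.first_answer, self.later_answer = first_answer, later_answer
        self.lookups = 0

    def resolve(self, hostname: str) -> str:
        try:
            return str(ipaddress.ip_address(hostname))   # literal IP: nothing to resolve
        except ValueError:
            pass
        self.lookups += 1
        return self.first_answer if self.lookups == 1 else self.later_answer


def http_get(ip: str, host: str, path: str) -> dict:
    """Stand-in for an HTTP client: real code would open a TCP socket to `ip`
    and send `Host: host`. Here we only record where the connection went."""
    return {"connected_to": ip, "host_header": host, "path": path}


def import_remote_file_vulnerable(url: str, resolver: RebindingResolver) -> dict:
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path or "/"
    # Check: resolve the name and reject internal addresses ...
    if not is_public_ip(resolver.resolve(host)):
        raise PermissionError("import blocked: internal address")
    # ... then use: the HTTP client gets the URL and does its own, second lookup.
    ip = resolver.resolve(host)
    return http_get(ip, host, path)


def import_remote_file_hardened(url: str, resolver: RebindingResolver) -> dict:
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path or "/"
    ip = resolver.resolve(host)                  # resolve exactly once
    if not is_public_ip(ip):
        raise PermissionError("import blocked: internal address")
    # Connect to the address that was checked, never to the name again. Any
    # 3xx redirect the server returns must be fed back through this function.
    return http_get(ip, host, path)


if __name__ == "__main__":
    url = "http://import.attacker.example/data.csv"
    print("vulnerable:", import_remote_file_vulnerable(url, RebindingResolver("93.184.216.34", "127.0.0.1")))
    print("hardened:  ", import_remote_file_hardened(url, RebindingResolver("93.184.216.34", "127.0.0.1")))
```

In a Node.js service such as Directus the equivalent is to pass a custom `lookup` to `http.request` (or connect to the IP and set the `Host` header yourself) rather than letting the client resolve the URL, and to run the same address check on every redirect hop, since a redirect to `http://127.0.0.1/` is the same bypass without DNS.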
CVE-2023-1164 KylinSoft kylin-activation File Import improper authorization
A vulnerability was found in KylinSoft kylin-activation on KylinOS and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads to improper authorization. The attack needs to be approached locally. The exploit has been...
CVE-2023-1164
CVE-2023-1164 affects KylinSoft kylin-activation on KylinOS, specifically the File Import functionality. The root cause is improper authorization within File Import, enabling a local attacker to exploit the issue. Several sources confirm the vulnerability, with public disclosures indicating local...
PT-2023-20682 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 9.23.0 Description: Directus is a real-time API and App dashboard for managing SQL database content. It is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server via a POST...
PT-2023-16792 · Unknown · Kylin-Activation
Name of the Vulnerable Software and Affected Versions: kylin-activation versions prior to 1.3.11-23 and 1.30.10-5.p23 Description: A critical issue was found in the File Import component of kylin-activation, leading to improper authorization. The attack must be approached locally. The exploit has...
SA44800 - 2021-05: Out-of-Cycle Advisory: Pulse Connect Secure Buffer Overflow Vulnerability
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A vulnerability was discovered under Pulse Connect Secure PCS. This includes buffer overflow vulnerability on the Pulse Connect Secure gateway that allows a remote authenticated user...
CVE-2022-3417 WPtouch < 4.3.45 - Admin+ PHP Object Injection
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injection when a user imports, intentionally or not, a malicious settings file and a suitable gadget chain is present on the blog...
PT-2023-14971 · WordPress · Members Import
Name of the Vulnerable Software and Affected Versions: Members Import plugin for WordPress versions up to, and including, 1.4.2 Description: The issue is related to Self Cross-Site Scripting via the user login parameter in an imported CSV file due to insufficient input sanitization and output...
The CSV import function in JSM Insight’s data processing center for Atlassian Jira Server and Data Center is vulnerable, allowing attackers to perform SSRF attacks.
The vulnerability of the CSV import function in JSM Insight, a data processing tool for Atlassian Jira Server and Data Center, is related to insufficient validation of requests at the server side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...
CVE-2022-3359
The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-3359
CVE-2022-3359 affects the Shortcodes and extra features for Phlox theme WordPress plugin, prior to version 2.10.7. The issue arises from unserializing the content of an imported file, enabling PHP object injection if a suitable gadget chain is present on the blog. Affected product: Phlox WordPres...
PT-2022-21789 · WordPress · Phlox
Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme WordPress plugin versions prior to 2.10.7 Description: The issue arises from the unserialize of the content of an imported file, which could lead to PHP object injection when a user imports a...
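The WPtouch and Phlox entries describe the same pattern: settings are exported as a PHP-serialized blob and restored with unserialize(), so an import file can name any class that is loaded on the site, and a gadget chain turns that into code execution. The added example below is not either plugin's code. It is a small parser for the PHP serialization format that walks an import before it reaches unserialize() and rejects it if any O: (object) or C: (custom-serialized object) record is present; a well-formed settings file needs only scalars and arrays. The class name Evil_Gadget and both sample blobs are constructed for the demo and imply nothing about real gadget classes.

```python
from typing import Any, List, Tuple


class PhpSerializedParser:
    """Minimal recursive-descent parser for PHP's serialize() format: N; b: i: d:
    s: a: O: C:. Works on bytes because string lengths count bytes, not characters."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0
        self.classes: List[str] = []   # every class name an O: or C: record names

    def parse(self) -> Any:
        value = self._value()
        if self.pos != len(self.data):
            raise ValueError("trailing bytes after top-level value")
        return value

    def _expect(self, token: bytes) -> None:
        if self.data[self.pos:self.pos + len(token)] != token:
            raise ValueError(f"expected {token!r} at offset {self.pos}")
        self.pos += len(token)

    def _read_until(self, delim: bytes) -> bytes:
        end = self.data.index(delim, self.pos)       # ValueError if delim is missing
        token, self.pos = self.data[self.pos:end], end + 1
        return token

    def _counted_string(self) -> str:
        # len:"bytes" -- the length prefix is authoritative; quotes are never escaped
        length = int(self._read_until(b":"))
        self._expect(b'"')
        raw = self.data[self.pos:self.pos + length]
        if len(raw) != length:
            raise ValueError("string shorter than its declared length")
        self.pos += length
        self._expect(b'"')
        return raw.decode("utf-8", "replace")

    def _pairs(self, count: int) -> dict:
        out = {}
        for _ in range(count):
            key = self._value()
            out[key] = self._value()
        self._expect(b"}")
        return out

    def _value(self) -> Any:
        tag, self.pos = self.data[self.pos:self.pos + 1], self.pos + 1
        if tag == b"N":
            self._expect(b";")
            return None
        self._expect(b":")
        if tag == b"b":
            return self._read_until(b";") == b"1"
        if tag == b"i":
            return int(self._read_until(b";"))
        if tag == b"d":
            return float(self._read_until(b";"))
        if tag == b"s":
            text = self._counted_string()
            self._expect(b";")
            return text
        if tag == b"a":
            count = int(self._read_until(b":"))
            self._expect(b"{")
            return self._pairs(count)
        if tag in (b"O", b"C"):
            cls = self._counted_string()
            self._expect(b":")
            size = int(self._read_until(b":"))
            self._expect(b"{")
            self.classes.append(cls)
            if tag == b"O":                       # O: has size property pairs
                return {"__class__": cls, "properties": self._pairs(size)}
            raw = self.data[self.pos:self.pos + size]   # C: has size opaque bytes
            self.pos += size
            self._expect(b"}")
            return {"__class__": cls, "serialized": raw}
        raise ValueError(f"unknown record type {tag!r} at offset {self.pos - 1}")


def check_settings_import(data: bytes) -> Tuple[bool, Any]:
    """Gate for an imported settings blob: (True, decoded value) when it is well-formed
    and holds only scalars and arrays; (False, reason) when it is malformed, too deeply
    nested, or names any class, which is the precondition for a gadget chain."""
    parser = PhpSerializedParser(data)
    try:
        value = parser.parse()
    except (ValueError, TypeError, RecursionError) as exc:
        return False, f"malformed: {exc.__class__.__name__}: {exc}"
    if parser.classes:
        return False, f"serialized objects present: {parser.classes}"
    return True, value


# Constructed sample inputs (not taken from the advisories).
SAFE_SETTINGS = b'a:2:{s:5:"theme";s:4:"dark";s:7:"enabled";b:1;}'
GADGET_SETTINGS = b'a:1:{s:5:"theme";O:11:"Evil_Gadget":1:{s:4:"file";s:11:"/etc/passwd";}}'

if __name__ == "__main__":
    print(check_settings_import(SAFE_SETTINGS))
    print(check_settings_import(GADGET_SETTINGS))
```

On the PHP side the equivalent control is `unserialize($data, ['allowed_classes' => false])` (PHP 7.0 and later), which turns every object record into `__PHP_Incomplete_Class` instead of instantiating it, or better, exporting settings as JSON so there is no unserialize() call to reach. A pre-scan like the one above is still useful when the import path cannot be changed, since a plain string search for `O:` is easy to defeat with a string value that merely contains those bytes.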