
393 matches found

NVD
added 2020/05/07 4:15 p.m., 12 views

CVE-2020-6651

Improper Input Validation in Eaton's Intelligent Power Manager IPM v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application...

8.8 CVSS, 9.1 AI score, 0.0107 EPSS
Exploits 0, References 2

Prion
added 2020/05/07 4:15 p.m., 17 views

Command injection

Improper Input Validation in Eaton's Intelligent Power Manager IPM v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application...

6 CVSS, 7.6 AI score, 0.0107 EPSS
Exploits 0, References 2, Affected Software 1

OSV
added 2020/04/02 4:15 p.m., 4 views

CVE-2020-11452

Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources aka SSRF or leak files from the local system using the...

4.3 CVSS, 5.8 AI score, 0.00297 EPSS
Exploits 3, References 4

OSV
added 2020/03/10 3:15 p.m., 1 views

UBUNTU-CVE-2019-12445

An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS...

5.4 CVSS, 6.2 AI score, 0.00092 EPSS
Exploits 0, References 3

0day.today
added 2020/02/07 12:0 a.m., 57 views

ExpertGPS 6.38 - XML External Entity Injection Vulnerability

Exploit for xml platform in category web applications + Exploit Title: ExpertGPS 6.38 - XML External Entity Injection + Exploit Author: Trent Gordon + Vendor Homepage: https://www.topografix.com/ + Software Link: http://download.expertgps.com/SetupExpertGPS.exe + Disclosed at: 7FEB2020 + Version:...

7.1 AI score
Exploits 0

exploitpack
added 2020/02/07 12:0 a.m., 34 views

ExpertGPS 6.38 - XML External Entity Injection

ExpertGPS 6.38 - XML External Entity Injection + Exploit Title: ExpertGPS 6.38 - XML External Entity Injection + Date: 2019-12-07 + Exploit Author: Trent Gordon + Vendor Homepage: https://www.topografix.com/ + Software Link: http://download.expertgps.com/SetupExpertGPS.exe + Disclosed at: 7FEB202...

0.1 AI score
Exploits 0

OSV
added 2019/08/20 3:15 p.m., 1 views

CVE-2016-10914

The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file...

8.8 CVSS, 5.8 AI score
Exploits 0, References 1

Cvelist
added 2019/08/20 2:55 p.m., 16 views

CVE-2016-10914

The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file...

8.8 AI score, 0.00109 EPSS
Exploits 0, References 1

Cvelist
added 2019/01/03 1:0 a.m., 18 views

CVE-2019-3580

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...

7.5 AI score, 0.00393 EPSS
Exploits 1, References 1

Tenable Nessus
added 2019/01/03 12:0 a.m., 26 views

Fedora 28 : phpMyAdmin (2018-f2b24ce26e)

Upstream announcement : Security fix: phpMyAdmin 4.8.3 is released The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.2. Among other bug fixes, this contains a security fix for an issue that can be exploited when importing files. A flaw was discovered with how warnin...

6.1 CVSS, 6.8 AI score, 0.00675 EPSS
Exploits 0, References 2

Exploit DB
added 2018/10/08 12:0 a.m., 33 views

Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zahir Enterprise Plus 6 Stack Buffer Overflow", 'Description' = %q This module exploits a stack buffer overflow in Zahir Enterprise Plus version ...

7.8 CVSS, 7.4 AI score, 0.6203 EPSS
Exploits 8

NVD
added 2018/08/24 7:29 p.m., 14 views

CVE-2018-15605

An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature...

6.1 CVSS, 5.8 AI score, 0.00675 EPSS
Exploits 0, References 4

exploitpack
added 2018/04/23 12:0 a.m., 13 views

Free Download Manager 2.0 Built 417 - Local Buffer Overflow (SEH)

Free Download Manager 2.0 Built 417 - Local Buffer Overflow SEH Exploit Title: Free Download Manager 2.0 Built 417 - Local Buffer Overflow SEH Date: 2018-04-23 Exploit Author: Marwan Shamel Software Link: https://filehippo.com/downloadfreedownloadmanager/925/ Version: v2.0 Built 417 Tested on:...

0.3 AI score
Exploits 0

Metasploit
added 2018/01/24 8:47 p.m., 44 views

Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow

This module exploits a buffer overflow in Dup Scout Enterprise v10.4.16 by using the import command option to import a specially crafted xml file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

7.8 CVSS, 0.6 AI score, 0.86559 EPSS
Exploits 11

CVE
added 2018/01/08 9:0 p.m., 50 views

CVE-2012-3353

The CVE-2012-3353 entry concerns Apache Sling JCR ContentLoader’s XmlReader in version 2.1.4, which allows importing arbitrary files (including local files) into the content repository, enabling potential information disclosure. The vulnerability arises from how XmlReader handles import operation...

7.5 CVSS, 7.3 AI score, 0.00842 EPSS
Exploits 0, References 2, Affected Software 1

NVD
added 2017/12/11 5:29 p.m., 25 views

CVE-2017-15943

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery SSRF attacks and consequentl...

5.3 CVSS, 5.2 AI score, 0.00567 EPSS
Exploits 0, References 3

OSV
added 2017/12/11 5:29 p.m., 1 views

CVE-2017-15943

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery SSRF attacks and consequentl...

5.3 CVSS, 5.8 AI score, 0.00567 EPSS
Exploits 0, References 3

Prion
added 2017/12/11 5:29 p.m., 22 views

Server side request forgery (ssrf)

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery SSRF attacks and consequentl...

5 CVSS, 5.2 AI score, 0.00567 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2017/12/11 5:0 p.m., 22 views

CVE-2017-15943

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery SSRF attacks and consequentl...

7.1 AI score, 0.00567 EPSS
Exploits 0, References 3

Palo Alto Networks
added 2017/12/06 12:5 a.m., 4 views

Server-Side Request Forgery in PAN-OS

A vulnerability exists in the PAN-OS web interface in the configuration file import for applications, spyware and vulnerability objects. Exploitation of this vulnerability allows for the parsing of external entities and could lead a PAN-OS device to connect to and disclose limited information to...

5.3 CVSS, 6.9 AI score, 0.00567 EPSS
Exploits 0, References 1