73 matches found
GHSA-364W-9G92-3GRQ Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.
Withdrawn This advisory has been withdrawn after the maintainers of Laravel noted this issue is not a security vulnerability with Laravel itself, but rather a userland issue. Original CVE based description Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP...
OPENSUSE-SU-2021:1424-1 Security update for civetweb
This update for civetweb fixes the following issues: Version 1.15: boo1191938 / CVE-2020-27304: missing uploaded filepath validation in the default form-based file upload mechanism New configuration for URL decoding Sanitize filenames in handle form Example “embeddedc.c”: Do not overwrite files...
ZOHO ManageEngine ADManager Plus 代码问题漏洞
Zoho ManageEngine ADManager Plus is an easy-to-use Windows Active Directory management and reporting solution. A remote code execution vulnerability exists in Zoho ManageEngine ADManager Plus Build 7111, which stems from not properly validating file uploads in the PasswordExpiry interface and can...
ZOHO ManageEngine ADManager Plus 代码问题漏洞
Zoho ManageEngine ADManager Plus is an easy-to-use Windows Active Directory management and reporting solution. A remote code execution vulnerability exists in Zoho ManageEngine ADManager Plus Build 7111, which stems from not properly validating file uploads in the Personalization interface and ca...
Tenable Network Security Nessus 代码问题漏洞
Tenable Network Security Nessus is an open source system vulnerability scanner from US-based Tenable Network Security. A code issue vulnerability exists in Nessus Agent, which stems from the program's insufficient validation of files during file uploads, allowing a remote administrator user to...
CVE-2020-15641
CVE-2020-15641 affects Marvell QConvergeConsole 5.5.0.64. The vulnerability is a directory traversal flaw in the getFileUploadBytes method of the FlashValidatorServiceImpl class, caused by insufficient validation of a user-supplied path before file operations. This allows remote attackers to disc...
CVE-2020-12255
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to...
Unrestricted File Upload
verot/class.upload.php allows unrestricted file upload. The lack of file extension validation on file uploads allow a remote attacker to upload malicious files ending with .phar. When browsing to the uploaded file, the server executes the code in the file in the context of the server...
CVE-2018-7217
In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an...
rubygem-paperclip -- validation bypass vulnerability
Jon Yurek reports: Thanks to MORI Shingo of DeNA Co., Ltd. for reporting this. There is an issue where if an HTML file is uploaded with a .html extension, but the content type is listed as being image/jpeg, this will bypass a validation checking for images. But it will also pass the spoof check,...
HP ArcSight Logger < 6.0P1 Multiple Vulnerabilities
According to its self-reported version number, the version of HP ArcSight Logger installed on the remote host is prior to 6.0P1. It is, therefore, affected by the following vulnerabilities : - An XXE injection vulnerability exists due to the improper verification of sources. An authenticated,...
php云人才系统 小漏洞一步步getshell(后台)
简要描述: php云人才系统 小漏洞一步步getshell,这里包含了php与mysql交互时候的特性(也算一个漏洞),还有phpyun自身图片的验证机制问题,等等,步骤比较艰辛,本来想在这里搞一个csrf呢,找了半天没有找到,到时找到一大堆xss,这里就不利用xss了,且看分析 详细说明: 首先我们做一个小测试: 对于mysql存储来说,建站者都会给每一个字段设置长度,然后当我们插入进去的数据长度超过了设置的长度,那么mysql是不会报错,然而会自然截断存储,这个就给我们编写程序的人留下了隐患。 利用场景分析...
anwsion问答系统存在任意文件上传重大漏洞
简要描述: 上传只做了js验证貌似 详细说明: 本人只在topic话题下上传了,貌似头像上传那里也存在该问题(没测试) 点击话题图像,就可以编辑上传图像了。 使用火狐的TAMPER DATA插件,并打开开始截获。 选择一个2bb.jpg(内涵php一句话的正常图片即可 该文件目录内还有一个2bb.php(留作备用 在tamaper data内修改数据,把2bb.JPG改成2bb.php即可 就可以看到上传上去的php图片小马了,但是这个是经过处理的 只要把url后面的100X100参数或者50x50参数去除,就可以得到一个没有经过处理的PHP小马了。 漏洞证明: 官方已经拿到shell了...