JVN#31701509: Multiple vulnerabilities in MicroEngine Mailform
MicroEngine Mailform provided by MicroEngine Inc. contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type (CWE-434) - CVE-2023-27397

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N | Base Score: 3.7
CVSS v2 | ... | ...
CVE-2023-28960
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...
CVE-2023-27769
An issue found in Wondershare Technology Co., Ltd. PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreadersetupfull13143.exe file...
CVE-2023-0386
A flaw was found in the Linux kernel's OverlayFS subsystem: when a user copies a file carrying file capabilities from a nosuid mount into another mount, the capabilities are retained, permitting unauthorized execution of the setuid-capable file. This uid mapping bug allows a local user to escalat...
SUSE CVE-2007-3779
PHP local file inclusion vulnerability in gpgpopinit.php in the G/PGP GPG Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter...
SUSE CVE-2012-1924
Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog...
SUSE CVE-2016-2809
The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution...
SUSE CVE-2017-7766
An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires loca...
CVE-2022-38396
HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 o...
Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware
In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT,...
CVE-2022-48008
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...
PT-2023-14200 · Easytest · Easytest
Name of the Vulnerable Software and Affected Versions: EasyTest, affected versions not specified. Description: The issue concerns the File Upload function of EasyTest, which lacks sufficient filtering for special characters and file types. This allows a remote attacker, authenticated as a general...
CVE-2022-43436
CVE-2022-43436 affects the EasyTest File Upload feature. The root cause is insufficient filtering for special characters and file types in the upload handler, allowing a remote attacker authenticated as a general user to upload and execute arbitrary files. Documented impact includes manipulation ...
CVE-2022-43436 HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Arbitrary File Upload
The File Upload function of EasyTest has insufficient filtering for special characters and file types. A remote attacker authenticated as a general user can upload and execute arbitrary files to manipulate the system or disrupt service...
Easytest code issue vulnerability
Easytest is an online learning quiz platform of China Huaqi Digital Technology Company. A security vulnerability exists in Easytest due to an insufficient filtering of special characters and file types in its File Upload feature, which allows remote attackers with normal user privileges to upload...
PT-2022-26441 · Bingo!Cms · Bingo!Cms
Name of the Vulnerable Software and Affected Versions: bingo!CMS versions 1.7.4.1 and earlier. Description: The issue allows a remote unauthenticated attacker to upload an arbitrary file, potentially leading to the execution of an arbitrary script or alteration of a file. This is due to an...
CVE-2022-43668
CVE-2022-43668 affects Typora versions prior to 1.4.4. The issue is the improper neutralization of JavaScript code, allowing JavaScript contained in opened files to execute. Impact is described as facilitating code execution within the file context, with the product vulnerable when opening affect...
PT-2022-6946 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions 5.x before 5.0.4. Description: The issue is related to incorrect handling of exceptional states in the Redmine web application for project and task management. It may allow a remote attacker to upload and execute arbitrary...
CVE-2022-45476
Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload...