43 matches found

CNNVD
added 2025/07/23 12:0 a.m. · 1 views

Mitel 6800 Series, Mitel 6900 Series and Mitel 6900w Series Security Vulnerability

Mitel 6800 Series and others are a series of telephones from the Canadian company Mindy Mitel. A security vulnerability exists in the Mitel 6800 Series, Mitel 6900 Series, and Mitel 6900w Series that stems from a lack of an authentication mechanism that could lead to a file upload attack...

7.5 CVSS · 6.9 AI score · 0.00818 EPSS
Exploits 0 · References 3

Vulnrichment
added 2025/07/23 12:0 a.m. · 3 views

CVE-2025-47187

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to perform a file upload attack due to missing authentication...

6.9 AI score · 0.00818 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/07/05 10:19 p.m. · 5 views

CVE-2025-5322

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the doupdatecar and createcar functions in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...

7.2 CVSS · 7.3 AI score · 0.00626 EPSS
Exploits 0 · References 1

Github Security Blog
added 2025/06/20 12:30 p.m. · 18 views

Mattermost allows authenticated users to write files to arbitrary locations

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...

9.9 CVSS · 9.7 AI score · 0.0065 EPSS
Exploits 0 · References 4 · Affected Software 2

Vulnrichment
added 2025/06/16 5:31 a.m. · 4 views

CVE-2025-6108 hansonwang99 Spring-Boot-In-Action File Upload ImageUploadService.java watermarkTest path traversal

A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file...

6.5 CVSS · 7 AI score · 0.00417 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/05/29 12:0 a.m. · 4 views

PT-2025-23159 · Huocms · Huocms

Name of the Vulnerable Software and Affected Versions: HuoCMS versions 3.5.1 and earlier Description: The issue allows attackers to take control of the target server through file upload. Recommendations: For HuoCMS versions 3.5.1 and earlier, at the moment, there is no information about a newer...

5.3 CVSS · 6.3 AI score · 0.00333 EPSS
Exploits 2 · References 5

RedhatCVE
added 2025/05/23 1:18 a.m. · 4 views

CVE-2022-30289

A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location...

5.4 CVSS · 5.7 AI score · 0.00442 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 10:32 p.m. · 5 views

CVE-2022-25242

In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF)...

8.8 CVSS · 7.1 AI score · 0.00379 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 3:12 p.m. · 7 views

CVE-2020-13443

ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check...

8.8 CVSS · 8 AI score · 0.0435 EPSS
Exploits 1

NVD
added 2025/05/01 2:15 p.m. · 6 views

CVE-2025-25016

Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation...

4.3 CVSS · 0.00274 EPSS
Exploits 0 · References 1

OSV
added 2025/03/20 12:32 p.m. · 6 views

GHSA-5CPQ-9538-JM2J Gradio DOS in multipart boundry while uploading the file

A vulnerability in the file upload process of gradio-app/gradio version @gradio/[email protected] allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue...

7.5 CVSS · 7.1 AI score · 0.00744 EPSS
Exploits 1 · References 4

Cvelist
added 2025/03/20 10:10 a.m. · 11 views

CVE-2024-8018 Denial of Service (DOS) in imartinez/privategpt

A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible...

7.5 CVSS · 0.00588 EPSS
Exploits 1 · References 1

Vulnrichment
added 2025/02/25 5:0 p.m. · 12 views

CVE-2025-1204

The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to...

7.7 CVSS · 6.6 AI score · 0.00446 EPSS
Exploits 0 · References 2

CVE
added 2025/01/07 10:4 p.m. · 61 views

CVE-2025-22132

CVE-2025-22132 affects the WeGIA web manager for charitable institutions. The vulnerability is a Cross-Site Scripting (XSS) in the file upload functionality at the endpoint WeGIA/html/socio/sistema/controller/controla_xlsx.php. An attacker can upload a file containing malicious JavaScript, causi...

8.3 CVSS · 7.3 AI score · 0.00413 EPSS
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2024/09/26 12:0 a.m. · 3 views

WordPress plugin Jupiter X Core Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

9.8 CVSS · 8.1 AI score · 0.01516 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/03/07 12:0 a.m. · 2 views

PT-2023-11836 · WordPress · Jetbackup

Name of the Vulnerable Software and Affected Versions: JetBackup – WP Backup, Migrate & Restore plugin for WordPress versions up to, and including 1.3.9 Description: The issue is due to missing nonce validation on the backup guard get import backup function, making it possible for unauthenticated...

8.8 CVSS · 8.7 AI score · 0.00408 EPSS
Exploits 0 · References 7

Exploit DB
added 2012/06/12 12:0 a.m. · 29 views

Joomla! Component Easy Flash Uploader - 'helper.php' Arbitrary File Upload

source: https://www.securityfocus.com/bid/53977/info The Easy Flash Uploader component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload...

7.4 AI score
Exploits 0

0day.today
added 2011/02/02 12:0 a.m. · 14 views

NetLink Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications ====================================== NetLink Remote Arbitrary File Upload Vulnerability Download: http://sourceforge.net/projects/kp-netlink/ by lumut-- Homepage: lumutcherenza.biz ====================================== upload.php "; echo ""...

7.1 AI score
Exploits 0

exploitpack
added 2011/02/01 12:0 a.m. · 14 views

NetLink - Arbitrary File Upload

NetLink - Arbitrary File Upload ====================================== NetLink Remote Arbitrary File Upload Vulnerability Download: http://sourceforge.net/projects/kp-netlink/ by lumut-- Homepage: lumutcherenza.biz ====================================== upload.php "; echo ""; echo "Filename:...

0.4 AI score
Exploits 0

Packet Storm
added 2011/02/01 12:0 a.m. · 28 views

NetLink Shell Upload

====================================== NetLink Remote Arbitrary File Upload Vulnerability Download: http://sourceforge.net/projects/kp-netlink/ by lumut-- Homepage: lumutcherenza.biz ====================================== upload.php "; echo ""; echo "Filename: ".$filename; echo "File Type:...

7.4 AI score
Exploits 0