CVE-2024-7302
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up to, and including, 7.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
The vulnerability in the OpenResty web platform’s control panel for the Linux server 1Panel involves a lack of security measures regarding the SQL query structure. This allows attackers to execute arbitrary code and upload any files they desire.
The vulnerability of the OpenResty web platform’s control panel for the Linux server 1Panel relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code and upload arbitrary files...
CVE-2024-38529
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The...
CVE-2024-42054
Cervantes through 0.5-alpha accepts insecure file uploads...
PT-2024-29714 · Cervantes · Cervantes
Name of the Vulnerable Software and Affected Versions: Cervantes versions through 0.5-alpha Description: The issue allows for insecure file uploads. Recommendations: For versions through 0.5-alpha, consider restricting file upload functionality until a secure version is available. As a temporary...
Cervantes security vulnerability
Cervantes is an open source collaboration platform designed for Pentester and Red Teams by Cervantes Open Source. A security vulnerability exists in Cervantes 0.5-alpha and earlier versions that stems from accepting insecure file uploads...
CVE-2024-42054
CVE-2024-42054 affects Cervantes up to version 0.5-alpha, where the product accepts insecure file uploads. The connected documents confirm the core issue is insecure file upload handling, but do not provide concrete technical details (e.g., affected components, exact vectors, or patch versions). ...
CVE-2024-6897
CVE-2024-6897 affects the WordPress plugin aThemes Starter Sites (versions ≤ 1.0.53). The issue is a Stored Cross-Site Scripting (XSS) via SVG file uploads caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at the Author level or higher, enab...
CVE-2024-6431
The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for authenticated attackers, with subscriber-lev...
CVE-2024-6431
CVE-2024-6431 concerns the WordPress plugin Media.net Ads Manager up to version 2.10.13. The issue is an arbitrary file upload caused by missing file-type validation and a missing capability check in the plugin's sendMail function. The vulnerability requires an authenticated user with subscriber...
CVE-2024-38511
A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...
CVE-2024-38510
A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...
CVE-2024-38510
CVE-2024-38510 is a privilege-escalation flaw in Lenovo XClarity Controller (XCC) where an authenticated XCC user with elevated privileges can trigger command injection via specially crafted file uploads to the SSH captive command shell interface. Affected product: Lenovo XCC (Lenovo XClarity Con...