3575 matches found
PT-2024-37539 · WordPress · Imgspider
Name of the Vulnerable Software and Affected Versions: IMGspider plugin for WordPress versions up to, and including, 2.3.10 Description: The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload img file function. This makes it...
[SECURITY] Fedora 40 Update: python-urllib3-1.26.19-1.fc40
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: =E2=80=A2 Thread safety. =E2=80=A2 Connection pooling. =E2=80=A2 Client-side SSL/TLS verification. =E2=80=A2 File uploads with multipart encoding...
Splunk Cloud Platform和Splunk Enterprise 安全漏洞
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines and cloud. A file...
CVE-2024-24551
A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files...
CVE-2024-24551
A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files...
CVE-2024-24550
A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...
CVE-2024-24551 Bludit - Remote Code Execution (RCE) through Image API
A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files...
CVE-2024-24551
CVE-2024-24551 : Bludit is affected by a high-severity vulnerability in the Image API where authenticated attackers can upload and execute PHP files due to improper handling of file uploads. Affected component: Image API/file upload handling in Bludit. Impact: potential remote code execution with...
CVE-2024-24551 Bludit - Remote Code Execution (RCE) through Image API
A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files...
CVE-2024-24550 Bludit - Remote Code Execution (RCE) through File API
A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...
Bludit Security Breach
Bludit is an open source, lightweight blog content management system CMS. A security vulnerability exists in Bludit, which stems from improper handling of file uploads, and can be exploited by an attacker to execute arbitrary code via the Image API...
PT-2024-20443
Name of the Vulnerable Software and Affected Versions Bludit affected versions not specified Description A security issue has been identified, allowing authenticated attackers to execute arbitrary code through the "Image API" endpoint. This issue arises from improper handling of file uploads,...
CVE-2024-6132
The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexelsfspimagesoptionsvalidate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with contributor-level a...
CVE-2024-2381
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxsaveimage function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2024-2381
CVE-2024-2381 affects the AliExpress Dropshipping with AliNext Lite plugin for WordPress. The vulnerability is an arbitrary file upload due to missing file type validation in ajax_save_image in all versions up to 3.3.5. It requires authentication at subscriber level or higher, enabling an attacke...
The vulnerability of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce Webhooks lies in their inability to prevent unlimited uploading of dangerous files, allowing attackers to execute arbitrary code.
The vulnerability of programming platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce Webhooks is related to the unlimited uploading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
WordPress plugin Salon booking system security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
WordPress plugin Sirv security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Simple Online Hotel Reservation System Code Issue Vulnerability
Simple Online Hotel Reservation System is an online hotel reservation system. A code issue exists in version 1.0 of the Simple Online Hotel Reservation System where an incorrect manipulation of the parameter photo can result in unrestricted file uploads...
The vulnerability of the UpLoadServlet component in the ProSAFE Network Management System (NMS300) allows a perpetrator to execute arbitrary code.
The vulnerability of the UpLoadServlet component in the ProSAFE Network Management System NMS300 involves unlimited uploading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...