Drupal core Arbitrary PHP code execution
The Drupal project uses the PEAR ArchiveTar library. The PEAR ArchiveTar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...
GHSA-J66P-FVP2-FXHJ Drupal core Arbitrary PHP code execution
The Drupal project uses the PEAR ArchiveTar library. The PEAR ArchiveTar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...
GHSA-M9FV-WHQ2-6WMC Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
The Drupal project uses the third-party library ArchiveTar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...
GHSA-GXXJ-G9V8-W28P Drupal core Arbitrary PHP code execution
The Drupal project uses the PEAR ArchiveTar library. The PEAR ArchiveTar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...
GHSA-98H9-727M-44QV Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
The Drupal project uses the third-party library ArchiveTar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...
Cross-Site Scripting (XSS)
prestashop/prestashop is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the customer thread feature allowing malicious file uploads through the front-office contact form. When an admin opens the attached file in the back office, arbitrary JavaScript will be executed, which can...
Z-Downloads < 1.11.4 - Authenticated (Admin+) Arbitrary File Upload
Description: The Z-Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.11.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on th...
Siemens RUGGEDCOM CROSSBOW Privilege Missing Vulnerability
Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. Siemens RUGGEDCOM CROSSBOW suffers from a missing-privilege vulnerability that could allow an unauthenticated user to upload arbitrary files, which an attacker could exploit to execute arbitrary...
PT-2024-40057 · Ez Systems +3 · Ez Platform +4
Name of the Vulnerable Software and Affected Versions: eZ Platform and eZ Publish Legacy, affected versions not specified. Description: The issue concerns the handling of file uploads in eZ Platform and eZ Publish Legacy, potentially leading to remote code execution (RCE) if exploited. An attacker...
PT-2024-40367 · Unknown +1 · Archive Tar +1
Name of the Vulnerable Software and Affected Versions: Drupal versions prior to the latest version that updates Archive Tar to 1.4.9 Description: The issue arises from the use of the third-party library Archive Tar, which has released a security improvement. Multiple vulnerabilities are possible ...
PT-2024-40218 · Ez Systems +1 · Ez Publish Legacy +2
Name of the Vulnerable Software and Affected Versions: eZ Platform and eZ Publish Legacy, affected versions not specified. Description: The issue concerns a vulnerability in the way eZ Platform and eZ Publish Legacy handle file uploads, potentially leading to remote code execution (RCE) if an attacke...
CVE-2024-4397
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepostmaterials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissio...
WordPress plugin LearnPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Kognetiks Chatbot security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-4560
CVE-2024-4560 affects the Kognetiks Chatbot for WordPress plugin. It reveals unauthenticated arbitrary file upload via chatbot_chatgpt_upload_file_to_assistant, in all versions up to 1.9.9, due to missing file-type validation. This could lead to remote code execution on the affected site. A patch...
PT-2024-4806 · Ibm · Ibm Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium versions 11.3 through 12.0 Description: The issue is related to the unlimited upload of dangerous file types, which could allow an authenticated user to cause a denial of service. Recommendations: For IBM Security Guardi...
CVE-2024-4701 Path Traversal vulnerability via File Uploads in Genie
A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18...