3575 matches found
Exploit for Incorrect Authorization in Atlassian Confluence_Data_Center
CVE-2023-22518 Exploit Description This repository contain...
PT-2023-8926 · Sysaid · Sysaid
Name of the Vulnerable Software and Affected Versions: SysAid (affected versions not specified). Description: The issue is a path traversal vulnerability in the doPost method of the com.ilient.server.UserEntry class in SysAid, a service support and hardware and software control automation...
Progress Software WS_FTP Server Code Issue Vulnerability
Progress Software WS_FTP Server is an effective and highly manageable FTP server from Progress Software, USA. A code issue vulnerability exists in versions of Progress Software WS_FTP Server prior to 8.8.4 that stems from not limiting the number of file uploads...
[SECURITY] Fedora 39 Update: python-urllib3-1.26.18-1.fc39
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS...
Ragic Security Vulnerability
Ragic is a No Code enterprise e-enabling tool from China Immediate Technology Ragic. A security vulnerability exists in Ragic that stems from insufficient filtering of special characters in the file upload feature, allowing a remote attacker to inject JavaScript and perform a stored...
Galaxy Software Services Vitals ESP Security Vulnerability
Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A security vulnerability exists in Galaxy Software Services Vitals ESP due to insufficient filtering and authentication during file uploads, which can be exploited by an...
CVE-2023-5860
The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload...
CVE-2023-5860
CVE-2023-5860 refers to the Icons Font Loader WordPress plugin vulnerable to arbitrary file uploads due to missing file type validation in the upload function, affecting versions up to and including 1.1.2. The issue requires authenticated access at administrator level or higher, enabling an attac...
WordPress Plugin Icons Font Loader Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2023-5360
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE...
SUSE-SU-2023:4288-1 Security update for python-Werkzeug
This update for python-Werkzeug fixes the following issues: - CVE-2023-46136: Fixed a potential denial of service via large multipart file uploads bsc1216581...
The vulnerability of the WPanel CMS system, related to the lack of restrictions on file uploads, allows a hacker to execute arbitrary code.
The vulnerability of the WPanel CMS system is related to the lack of restrictions on the download of files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by downloading arbitrary PHP files remotely...
DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998
Impact ESAPI 2.5.2.0 and later addressed the DoS vulnerability described in CVE-2023-24998, which Apache Commons FileUpload 1.5 attempted to remediate. But while writing up a new security bulletin regarding the impact on the affected ESAPI HTTPUtilities.getFileUploads methods or more specifically...
GHSA-7C2Q-5QMR-V76Q DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998
Impact ESAPI 2.5.2.0 and later addressed the DoS vulnerability described in CVE-2023-24998, which Apache Commons FileUpload 1.5 attempted to remediate. But while writing up a new security bulletin regarding the impact on the affected ESAPI HTTPUtilities.getFileUploads methods or more specifically...
CVE-2023-5820
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged reques...
[SECURITY] Fedora 38 Update: python-urllib3-1.26.18-1.fc38
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS...
CVE-2020-36706
The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary fil...