Lucene search

3575 matches found

CVE · added 2023/10/20 6:35 a.m. · 43 views

CVE-2020-36706

CVE-2020-36706 affects the Simple:Press WordPress Forum Plugin. The issue is missing file type validation in the sf-uploader.php uploader (~/admin/resources/jscript/ajaxupload/sf-uploader.php), allowing arbitrary file uploads in versions up to 6.6.0 and potentially enabling remote code execution ...

CVSS 9.8 · AI score 9.6 · EPSS 0.01818
Exploits: 1 · References: 4 · Affected software: 1

CNNVD · added 2023/10/20 12:00 a.m. · 3 views

WordPress Plugin Simple:Press - WordPress Forum Code Issue Vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Simple:Press - WordPress...

CVSS 9.8 · AI score 6.9 · EPSS 0.01818
Exploits: 1 · References: 5

CNNVD · added 2023/10/17 12:00 a.m. · 2 views

LyLme Spage Code Issue Vulnerability

LyLme Spage ("six-zero navigation page") is an open-source navigation page from the Chinese developer LyLme. It aims to be a simple, efficient, ad-free Internet navigation and search portal, with support for backend link management, custom search engines, curation of the most valuable links, no commercial...

CVSS 9.8 · AI score 7.6 · EPSS 0.00838
Exploits: 1 · References: 2

OSV · added 2023/10/16 8:15 p.m. · 3 views

CVE-2023-4821

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts...

CVSS 5.4 · AI score 7.1 · EPSS 0.00395
Exploits: 2 · References: 1
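The Simple:Press entry (missing file type validation) and the CVE-2023-4821 entry (a denylist that misses .shtml and .svg), like the GLPI, D-Link and Nagios XI entries further down, are one bug class: the upload handler either checks nothing or checks a denylist of extensions that cannot be complete. The following is an added example in Python, not code from any of the products on this page; the function names, the allowlist and the sample filenames are constructed for illustration. It places the weak denylist next to an allowlist check that also rejects double extensions, client-supplied path components, dotfiles and control characters, and then confirms the uploaded bytes match the claimed type.

```python
"""Upload filename checks: an incomplete denylist next to an allowlist.

Added example; not code from Simple:Press, Drag and Drop Multiple File Upload
for WooCommerce, GLPI, Nagios XI or any other product listed on this page.
All names, sets and sample inputs below are constructed for illustration.
"""
import posixpath
import re
import unicodedata
from typing import Tuple

# A denylist of the kind CVE-2023-4821 describes: it blocks .php but says nothing
# about .shtml (server-side includes) or .svg (XML that may carry <script>).
INCOMPLETE_DENYLIST = {"php", "phtml", "exe", "html", "htm", "js"}

# Allowlist: only the types this hypothetical upload feature needs are accepted.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "zip"}

# Extensions that must not appear anywhere in the name, not only at the end,
# because some server configurations pick the handler from an inner extension
# (e.g. shell.php.jpg handled as PHP).
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar",
    "shtml", "shtm", "svg", "html", "htm", "js", "htaccess",
}

# Leading bytes ("magic numbers") that each accepted type must start with.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
    "zip": (b"PK\x03\x04",),
}

UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def client_basename(filename: str) -> str:
    """Strip any directory part the client supplied (both separator styles)."""
    return posixpath.basename(filename.replace("\\", "/"))


def denylist_check(filename: str) -> bool:
    """Weak check: accept unless the final extension is on the denylist."""
    name = filename.lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    return ext not in INCOMPLETE_DENYLIST


def allowlist_check(filename: str) -> bool:
    """Hardened check on the name alone.

    Rejects control characters (NUL-byte tricks), dotfiles such as .htaccess,
    any executable extension anywhere in the name, and anything whose final
    extension is not on the allowlist.
    """
    base = client_basename(filename)
    if not base or not base.isprintable():
        return False
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False
    exts = parts[1:]
    if any(e in EXECUTABLE_EXTENSIONS for e in exts):
        return False
    return exts[-1] in ALLOWED_EXTENSIONS


def sanitize_name(filename: str) -> str:
    """Derive the stored name: basename only, NFKC-normalised, ASCII-safe characters."""
    base = unicodedata.normalize("NFKC", client_basename(filename))
    base = UNSAFE_CHARS.sub("_", base)
    return base.strip("._") or "upload"


def validate_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Name check plus a content check: the bytes must match the claimed type.

    Returns (accepted, reason-or-stored-name).
    """
    if not allowlist_check(filename):
        return False, "extension not allowed"
    ext = client_basename(filename).lower().rsplit(".", 1)[-1]
    if not data.startswith(MAGIC[ext]):  # bytes.startswith accepts a tuple
        return False, "content does not match extension"
    return True, sanitize_name(filename)


if __name__ == "__main__":
    # Constructed sample uploads: the denylist passes .shtml, .svg and a dotfile.
    for name in ("photo.png", "shell.shtml", "logo.svg", "shell.php.jpg", "../../.htaccess"):
        print(f"{name:20} denylist={denylist_check(name)!s:5} allowlist={allowlist_check(name)}")
    print(validate_upload("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
    print(validate_upload("photo.png", b"<?php system($_GET['c']); ?>"))
```

The magic-number check is deliberately coarse: it catches a PHP file renamed to .png, not a polyglot that is both a valid image and a script, so the stored file still belongs in a directory the web server will not execute from. If a feature genuinely needs SVG, treat it as active content (serve it with Content-Disposition: attachment, or sanitize it) rather than adding "svg" to the allowlist.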
Fedora · added 2023/10/13 1:33 a.m. · 35 views

[SECURITY] Fedora 37 Update: python-urllib3-1.26.17-1.fc37

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: - Thread safety. - Connection pooling. - Client-side SSL/TLS...

CVSS 8.1 · AI score 7.5 · EPSS 0.01207
Exploits: 0

Fedora · added 2023/10/11 1:37 a.m. · 46 views

[SECURITY] Fedora 38 Update: python-urllib3-1.26.17-1.fc38

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: - Thread safety. - Connection pooling. - Client-side SSL/TLS...

CVSS 8.1 · AI score 7.5 · EPSS 0.01207
Exploits: 0

BDU FSTEC · added 2023/10/03 12:00 a.m. · 3 views

A vulnerability in the /useratte/userattestation.php script of the D-Link DAR-7000 router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the D-Link DAR-7000 router firmware, located in the /useratte/userattestation.php script, is an unrestricted upload of dangerous file types. Exploiting it allows a remote attacker to execute arbitrary commands...

CVSS 6.5 · AI score 7.2 · EPSS 0.20998
Exploits: 1 · References: 4 · Affected software: 1

Positive Technologies · added 2023/09/26 12:00 a.m. · 5 views

PT-2023-6848 · GLPI +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10. Description: The issue is an unrestricted file upload vulnerability in the GLPI system, which a remote attacker can exploit to upload arbitrary files to the system. This can potentially allow the...

CVSS 10 · AI score 7.1 · EPSS 0.99521
Exploits: 27 · References: 157

Positive Technologies · added 2023/09/25 12:00 a.m. · 5 views

PT-2023-6729 · MediaWiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki version 1.40.0. Description: The issue exists because the structure of the web page is not protected. A remote attacker with a low-privileged user account can exploit this by sending a malicious link to the instance administrator,...

CVSS 10 · AI score 6.2 · EPSS 0.22699
Exploits: 27 · References: 126

RedhatCVE · added 2023/09/22 11:55 a.m. · 29 views

CVE-2023-43498

A flaw was found in Jenkins weekly and LTS due to an issue when processing file uploads using the MultipartFormDataParser. By sending a specially crafted request, a local authenticated attacker could bypass security restrictions and access the Jenkins controller file system to read and write the...

CVSS 8.1 · AI score 6.3 · EPSS 0.008
Exploits: 0 · References: 4

AlpineLinux · added 2023/09/20 5:15 p.m. · 26 views

CVE-2023-43497

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...

CVSS 8.1 · AI score 6.9 · EPSS 0.008
Exploits: 0

OSV · added 2023/09/20 5:15 p.m. · 28 views

CVE-2023-43497

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...

CVSS 8.1 · AI score 7
Exploits: 0 · References: 2

NVD · added 2023/09/20 5:15 p.m. · 16 views

CVE-2023-43498

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller...

CVSS 8.1 · AI score 8.8 · EPSS 0.008
Exploits: 0 · References: 2

Prion · added 2023/09/20 5:15 p.m. · 25 views

Design/Logic Flaw

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller...

CVSS 5.5 · AI score 7.8 · EPSS 0.008
Exploits: 0 · References: 2 · Affected software: 1

Cvelist · added 2023/09/20 4:06 p.m. · 37 views

CVE-2023-43497

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...

AI score 8.1 · EPSS 0.008
Exploits: 0 · References: 2

CVE · added 2023/09/20 4:06 p.m. · 152 views

CVE-2023-43497

CVE-2023-43497 affects Jenkins 2.423 and earlier, and LTS 2.414.1 and earlier. The root cause is in processing file uploads via the Stapler web framework, which creates temporary files in the system temporary directory with default permissions. This could let an attacker with access to the Jenkin...

CVSS 8.1 · AI score 7.7 · EPSS 0.008
Exploits: 0 · References: 2 · Affected software: 1

CNNVD · added 2023/09/20 12:00 a.m. · 4 views

Jenkins Code Issue Vulnerability

Jenkins is an open-source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins has a security vulnerability that stems from its use of the Stapler web framework to handle file uploads, which creates...

CVSS 8.1 · AI score 6.8 · EPSS 0.008
Exploits: 0 · References: 4

Positive Technologies · added 2023/09/20 12:00 a.m. · 4 views

PT-2023-8997 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.423 and earlier, LTS 2.414.1 and earlier. Description: The issue is related to the processing of file uploads using the Stapler web framework, which creates temporary files in the default system temporary directory with the...

CVSS 8.5 · AI score 7.7 · EPSS 0.008
Exploits: 0 · References: 16

Tenable Nessus · added 2023/09/20 12:00 a.m. · 34 views

Jenkins LTS < 2.414.2 / Jenkins weekly < 2.424 Multiple Vulnerabilities

According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.414.2 or Jenkins weekly prior to 2.424. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through...

CVSS 8.8 · AI score 6.5 · EPSS 0.03388
Exploits: 0 · References: 6
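The Jenkins entries above (CVE-2023-43497 for the Stapler upload path and CVE-2023-43498 for MultipartFormDataParser) describe one defect in two code paths: the upload is spooled into the shared system temporary directory with whatever permissions the process default (the umask) yields, so another local user on the controller can read the file while it exists. The following is an added example in Python, not Jenkins' own Java code; the function names are constructed and the permission checks assume a POSIX filesystem. It puts the umask-dependent pattern next to one that uses a private 0700 spool directory and mkstemp(), which opens the file with O_EXCL and a mode never wider than 0600, and adds a small audit that lists temp files other users can read.

```python
"""Spooling an upload to disk: umask-dependent permissions next to owner-only.

Added example in Python; this is not Jenkins' Java code, only the same pattern
as described for CVE-2023-43497 / CVE-2023-43498. Function names are constructed
and the mode checks assume a POSIX filesystem.
"""
import os
import stat
import tempfile
from typing import List, Optional


def current_umask() -> int:
    """umask(2) has no read-only form: set it to 0, read the old value, restore it."""
    mask = os.umask(0)
    os.umask(mask)
    return mask


def spool_upload_weak(data: bytes, name: Optional[str] = None) -> str:
    """The weak pattern: a file in the shared system temp directory, created with
    mode 0666 minus the process umask. With the usual umask of 022 that is 0644,
    so any local user can read the upload for as long as it exists. (The fixed
    name is a second problem: an existing file or symlink at that path is reused.)"""
    name = name or f"upload-{os.getpid()}.part"
    path = os.path.join(tempfile.gettempdir(), name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o666)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def spool_upload_private(data: bytes, spool_dir: Optional[str] = None) -> str:
    """The hardened pattern: a spool directory only the service user can enter, and
    mkstemp(), which opens with O_CREAT|O_EXCL and mode 0600 under an unpredictable
    name (umask can only remove permission bits, never add them)."""
    if spool_dir is None:
        spool_dir = tempfile.mkdtemp(prefix="uploads-")  # created with mode 0700
    else:
        os.makedirs(spool_dir, mode=0o700, exist_ok=True)
    fd, path = tempfile.mkstemp(dir=spool_dir, prefix="upload-", suffix=".part")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def file_mode(path: str) -> int:
    """Permission bits of the path itself (lstat, so a symlink is not followed)."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def parent_mode(path: str) -> int:
    """Permission bits of the directory containing path."""
    return file_mode(os.path.dirname(path))


def exposed_to_others(path: str) -> bool:
    """True when group or world hold any permission bit on the file."""
    return bool(file_mode(path) & (stat.S_IRWXG | stat.S_IRWXO))


def audit_temp_dir(directory: Optional[str] = None) -> List[str]:
    """Detection side: regular files in a temp directory that group or world can read.
    Run as the service user to check a controller after the fact."""
    directory = directory or tempfile.gettempdir()
    readable_by_others = stat.S_IRGRP | stat.S_IROTH
    findings = []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        if entry.stat(follow_symlinks=False).st_mode & readable_by_others:
            findings.append(entry.path)
    return findings


if __name__ == "__main__":
    body = b"multipart body with a credential in it"  # constructed sample upload
    weak = spool_upload_weak(body)
    safe = spool_upload_private(body)
    print(f"weak: {weak} mode={file_mode(weak):04o} exposed={exposed_to_others(weak)}")
    print(f"safe: {safe} mode={file_mode(safe):04o} exposed={exposed_to_others(safe)}")
    os.unlink(weak)
    os.unlink(safe)
    os.rmdir(os.path.dirname(safe))
```

The directory matters as much as the file mode: a 0600 file inside a world-writable, sticky /tmp is still visible by name and still subject to races on the parent, which is why the hardened path creates its own 0700 directory rather than relying on the file mode alone.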
Positive Technologies · added 2023/09/19 12:00 a.m. · 5 views

PT-2023-7871 · Nagios XI

Name of the Vulnerable Software and Affected Versions: Nagios XI, affected versions not specified. Description: The issue is in the Custom Includes module of Nagios XI, which is vulnerable to unrestricted upload of dangerous file types. This could allow a remote attacker to execute arbitrar...

CVSS 7.3 · AI score 7.5
Exploits: 1 · References: 3