3575 matches found
Ubuntu: Security Advisory (USN-6370-1)
The remote host is missing an update for the...
USN-6370-1: ModSecurity vulnerabilities
It was discovered that ModSecurity incorrectly handled certain nested JSON objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42717) It was discovered that ModSecurity incorrect...
CVE-2023-40731
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering...
A vulnerability in the upload_post_image() function of the Forminator plugin for the WordPress content management system allows a hacker to bypass security restrictions and execute arbitrary code.
The vulnerability in the upload_post_image() function of the Forminator plugin for the WordPress content management system involves unrestricted upload of dangerous file types. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions and execute arbitrary code...
Infinity Market Classified Ads Script 1.6.2 Cross Site Scripting
Title: Infinity Market Classified Ads Script 1.6.2 xss via file uploads Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor...
CVE-2023-3375
Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection. This issue affects Bookreen: before 3.0.0...
PT-2023-24472
Name of the Vulnerable Software and Affected Versions: Bookreen versions prior to 3.0.0. Description: The issue affects Unisign Bookreen, allowing OS Command Injection due to an Unrestricted Upload of File with Dangerous Type vulnerability. Recommendations: For versions prior to 3.0.0, update to...
SQL injection
A vulnerability classified as critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code of the file /uploads/tags.php. The manipulation of the argument tagalias leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may ...
CVE-2023-3720
The Upload Media By URL WordPress plugin before 1.0.8 does not have a CSRF check when uploading files, which could allow attackers to make logged-in admins upload files, including HTML containing JS code for users with the unfiltered_html capability, on their behalf...
CVE-2023-4596
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload...
Input validation
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload...
CVE-2023-4596 Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload...
VulnCheck KEV: CVE-2023-4596
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to...
Horse Market Sell And Rent Portal Script 1.5.7 Cross Site Scripting
Title: Horse Market Sell & Rent Portal Script V1.5.7 xss via file uploads Vulnerability | Author: indoushka | Telegram: @indoushka | Tested on: windows ...
CVE-2023-32756
e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can’t control system or disrupt service...
python-django: Potential denial-of-service vulnerability in file uploads
A memory exhaustion flaw was found in the python-django package. This issue occurs when passing certain inputs, leading to a system crash and denial of service...
Rockwell Automation ThinManager Path Traversal Vulnerability
Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A path traversal vulnerability exists in Rockwell Automation ThinManager ThinServer, which stems from the...
EasyAdmin8 Code Issues Vulnerabilities
EasyAdmin8 is a server administration suite for Blumlaut Individual Developers. A security vulnerability exists in EasyAdmin8 version v.1.0, which stems from the upload type method allowing the upload of arbitrary file types...