WordPress Plugin AdSanity Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2023-12463 · WordPress · Pwa For Wp & Amp
Name of the Vulnerable Software and Affected Versions: PWA for WP & AMP for WordPress versions up to, and including, 1.7.32 Description: The issue is related to arbitrary file uploads due to missing file type validation in the pwaforwp splashscreen uploader function. This allows authenticated...
StarsAlliance PsychoStats Cross-Site Scripting Vulnerability
PsychoStats is a StarsAlliance open source application. A cross-site scripting vulnerability exists in StarsAlliance PsychoStats 3.2.2a and earlier versions, which stems from a problem with file uploads/admin/login.php and can be exploited by an attacker to conduct cross-site scripting XSS attack...
PT-2023-3766 · Mitsubishi · Melsec Iq-F Series Ethernet/Ip Module Fx5-Enet/Ip +1
Name of the Vulnerable Software and Affected Versions: MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 affected versions not specified MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP affected versions not specified Description: The issue is related to an unrestricted upload of files with...
CVE-2023-28700
OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt servic...
Code injection
A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/articleallowurledit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely...
CVE-2023-2928 DedeCMS article_allowurl_edit.php code injection
A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/articleallowurledit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely...
CVE-2023-2928
CVE-2023-2928 affects DedeCMS up to version 5.7.106. The vulnerability lies in the uploads/dede/article_allowurl_edit.php functionality where manipulating the allurls parameter leads to code injection. Impact is remote, and public exploits have been disclosed. Mitigation from connected documents ...
TIBCO Security Advisory: May 25, 2023 - TIBCO EBX Add-ons -CVE-2023-26216
TIBCO EBX Add-ons Path Traversal Original release date: May 25, 2023 Last revised: --- CVE-2023-26216 Source: TIBCO Software Inc. Products Affected TIBCO EBX Add-ons versions 4.5.16 and below The following component is affected: server Description The component listed above contains an exploitable...
CVE-2023-2496
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validateupload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a...
CVE-2023-2496 Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Improper Authorization to Arbitrary File Upload
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validateupload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a...
CVE-2023-28409
Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file...
MGASA-2023-0175 Updated apache-mod_security packages fix security vulnerability
HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall CVE-2022-48279 Incorrect handling of '\0' bytes in file uploads in ModSecurity may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules...
CVE-2023-33251
When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946...
PT-2023-16311 · Undefined · Undefined
CVE-2023-33251 When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. @cveNotify...
PT-2023-24245 · Akka Http · Akka Http
Name of the Vulnerable Software and Affected Versions: Akka HTTP versions prior to 10.5.2 Description: The issue arises when Akka HTTP accepts file uploads via the FileUploadDirectives.fileUploadAll directive, creating a temporary file with weak permissions that can be read by other users on Linu...
CVE-2023-33251
CVE-2023-33251 affects Akka HTTP prior to 10.5.2 where FileUploadDirectives.fileUploadAll creates a temporary file with overly permissive permissions, allowing other users on Unix-like systems to read it. This is an information disclosure risk tied to temporary-file handling in the file upload pa...
OESA-2023-1286 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has...