Lucene search: 3575 matches found

Hacker One | added 2023/05/17 8:38 p.m. | 18 views

U.S. Dept Of Defense: Automatic Admin Access

The automatic administrative access vulnerability allowed a user to access the application with full administrative privileges, including the ability to create submissions, manage users, and access sensitive data. The vulnerability impacted the integrity, confidentiality, and availability of the...

AI score 6.8 | Exploits 0
RedHat Linux | added 2023/05/17 1:58 p.m. | 8 views

springframework: DoS via data binding to MultipartFile or servlet Part

A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial-of-service (DoS) attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...

CVSS 5.3 | AI score 7.1 | EPSS 0.01853 | Exploits 1 | References 5
CNNVD | added 2023/05/08 12:00 a.m. | 5 views

AgilePoint NX code issue vulnerability

AgilePoint NX is a cloud-based digital transformation platform from AgilePoint Japan that enables enterprise-grade BPMS with no-code and low-code speed and agility. A security vulnerability exists in AgilePoint NX v8.0 SU2.2 and SU2.3. An attacker can exploit the vulnerability to perform an insecure...

CVSS 9.8 | AI score 8.5 | EPSS 0.00701 | Exploits 0 | References 2
PyPA | added 2023/05/07 2:15 a.m. | 4 views

PYSEC-2023-61

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. Uploading multiple files through one field has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However,...

CVSS 9.8 | AI score 7.1 | EPSS 0.0138 | Exploits 0 | References 6 | Affected Software 1
Packet Storm | added 2023/05/05 12:00 a.m. | 298 views

Jedox 2020.2.5 Configurable Storage Path Remote Code Execution

Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
Date: 28/04/2023
Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL
Vendor Homepage: https://jedox.com
Version: Jedox 2020.2 20.2.5 and older
CVE: CVE-2022-47878...

AI score 7.1 | EPSS 0.38108 | Exploits 4
RedHat Linux | added 2023/05/03 3:54 p.m. | 3 views

python-django: Potential denial-of-service vulnerability in file uploads

A memory exhaustion flaw was found in the python-django package. This issue occurs when passing certain inputs, leading to a system crash and denial of service...

CVSS 7.5 | AI score 6.7 | EPSS 0.62575 | Exploits 0 | References 5
RedHat Linux | added 2023/05/03 2:58 p.m. | 4 views

python-django: Potential denial-of-service vulnerability in file uploads

A memory exhaustion flaw was found in the python-django package. This issue occurs when passing certain inputs, leading to a system crash and denial of service...

CVSS 7.5 | AI score 6.7 | EPSS 0.62575 | Exploits 0 | References 5
OSV | added 2023/05/02 10:56 a.m. | 6 views

SUSE-SU-2023:2080-1 Security update for python-Django1

This update for python-Django1 fixes the following issues:
- CVE-2023-24580: Fixed potential DoS in file uploads (bsc#1208082)...

CVSS 7.5 | AI score 7.5 | EPSS 0.62575 | Exploits 0 | References 3
Positive Technologies | added 2023/05/02 12:00 a.m. | 6 views

PT-2023-15510 · Jedox · Jedox

Name of the Vulnerable Software and Affected Versions: Jedox version 2020.2.5
Description: The issue is related to incorrect input validation for the default-storage-path in the settings page, allowing remote, authenticated users to specify the location as the webroot directory. This can lead to...

CVSS 9.1 | AI score 7.4 | EPSS 0.38108 | Exploits 4 | References 6
BDU FSTEC | added 2023/05/02 12:00 a.m. | 2 views

Vulnerability in the Upload function of the tpAdmin library allows an attacker to execute arbitrary code

The vulnerability in the Upload function (application\admin\controller\Upload.php) of the tpAdmin library is an unrestricted upload of files with dangerous types. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

CVSS 9 | AI score 7.1 | EPSS 0.01013 | Exploits 1 | References 4 | Affected Software 1
Cvelist | added 2023/05/01 2:04 p.m. | 25 views

CVE-2022-45802 Apache StreamPark (incubating): Upload any file to any directory

StreamPark allows any user to upload a jar as an application, but there is no mandatory verification of the uploaded file type. Users can therefore upload high-risk files, and may upload them to any directory. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later...

AI score 9.7 | EPSS 0.01308 | Exploits 0 | References 1
CNNVD | added 2023/04/29 12:00 a.m. | 3 views

Zhongbang CRMEB code issue vulnerability

Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks (Zhongbang) in Xi'an, China. A code issue vulnerability exists in Zhongbang CRMEB version 4.6.0, which stems from improper handling of the filename parameter, resulting in unrestricted file uploads...

CVSS 7.2 | AI score 5.5 | EPSS 0.00824 | Exploits 1 | References 4
Veracode | added 2023/04/26 2:28 p.m. | 21 views

Remote Code Execution (RCE)

froxlor/froxlor is vulnerable to Remote Code Execution (RCE). Lack of proper checking for unrestricted file uploads with dangerous types allows an attacker to execute harmful code on the system by uploading crafted files with malicious content...

CVSS 8.8 | AI score 9 | EPSS 0.73247 | Exploits 1 | References 4 | Affected Software 1
NVD | added 2023/04/24 5:15 p.m. | 15 views

CVE-2023-30613

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an .exe file or a file containing embedded...

CVSS 9 | AI score 8.2 | EPSS 0.01024 | Exploits 1 | References 4
OSV | added 2023/04/24 4:29 p.m. | 25 views

CVE-2023-30613 Kiwi TCMS unrestricted file upload vulnerability

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an .exe file or a file containing embedded...

CVSS 8.1 | AI score 8.7 | EPSS 0.01024 | Exploits 1 | References 6
Tenable Nessus | added 2023/04/24 12:00 a.m. | 51 views

Fedora 37 : mod_security (2023-09f0496e60)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-09f0496e60 advisory:
- new version 2.9.7
- switch to PCRE2
Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 7.5 | AI score 7 | EPSS 0.01169 | Exploits 0 | References 3
CNNVD | added 2023/04/24 12:00 a.m. | 3 views

Meinberg Funkuhren LTOS code issue vulnerability

Meinberg Funkuhren LTOS is the operating system of the LANTIME time servers made by Meinberg Funkuhren, Germany. A code issue vulnerability exists in Meinberg Funkuhren LTOS versions prior to V7.06.013, which stems from the file upload function of the LTOS web interface failing to properly validate input. A remote...

CVSS 7.2 | AI score 7.5 | EPSS 0.0097 | Exploits 0 | References 2
CNNVD | added 2023/04/24 12:00 a.m. | 4 views

Kiwi TCMS code issue vulnerability

Kiwi TCMS is a leading open source test management system for manual and automated testing from Kiwi TCMS Open Source. A code issue vulnerability exists in versions of Kiwi TCMS prior to 12.2 that stems from a failure to control what types of files can be uploaded. An attacker could exploit th...

CVSS 9 | AI score 8.4 | EPSS 0.01024 | Exploits 1 | References 5
Tenable Nessus | added 2023/04/24 12:00 a.m. | 31 views

Fedora 38 : mod_security (2023-bc61f7a145)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-bc61f7a145 advisory:
- new version 2.9.7
- switch to PCRE2
Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 7.5 | AI score 7 | EPSS 0.01169 | Exploits 0 | References 3
Prion | added 2023/04/22 3:15 a.m. | 17 views

Design/Logic Flaw

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tamperi...

CVSS 4.3 | AI score 8 | EPSS 0.00237 | Exploits 0 | References 1 | Affected Software 1
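The entries above describe one recurring defect from several angles: an upload handler that does not restrict file type (Kiwi TCMS, froxlor, tpAdmin, CRMEB, StreamPark), one that validates only the last of several files sent through a single field (the Django PYSEC-2023-61 entry), one that lets an authenticated user point the storage path into the web root (Jedox), and handlers that accept unbounded multipart input (the Spring and python-django DoS entries). The Python below is an added example written for this page; it is not code from any of the listed projects or advisories. ALLOWED_TYPES, MAX_PARTS, MAX_PART_BYTES, the Part dataclass, the function names and the sample files are all assumptions constructed here to show the checks side by side.

```python
import os
import posixpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed extension allowlist with the leading bytes each type must start with.
# Checking the content signature, not just the name, rejects a PHP payload
# sent under a .png name as well as "shell.php" itself.
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}
MAX_PARTS = 10                    # assumed per-request cap on uploaded files
MAX_PART_BYTES = 5 * 1024 * 1024  # assumed per-file size cap
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")  # no leading dot, no separators


@dataclass
class Part:
    """One file part of a multipart request (sample parts are constructed in the tests)."""
    filename: str
    data: bytes


class UploadRejected(ValueError):
    pass


def safe_basename(filename: str) -> str:
    # Keep only the final path component so "../../x.png" or "C:\x.png"
    # cannot steer where the file is written.
    base = posixpath.basename(filename.replace("\\", "/"))
    if not SAFE_NAME.fullmatch(base):
        raise UploadRejected("unsafe file name")
    return base


def check_part(part: Part) -> str:
    """Validate a single part and return the name it may be stored under."""
    name = safe_basename(part.filename)
    ext = os.path.splitext(name)[1].lower()   # "x.png.php" ends up as ".php" and is refused
    if ext not in ALLOWED_TYPES:
        raise UploadRejected("extension not allowed")
    if len(part.data) > MAX_PART_BYTES:
        raise UploadRejected("file too large")
    if not part.data.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match extension")
    return name


def destination(storage_root: str, name: str) -> str:
    """Absolute path for the stored file, confined to storage_root."""
    root = os.path.realpath(storage_root)
    dest = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, dest]) != root:
        raise UploadRejected("destination escapes storage root")
    return dest


def storage_root_allowed(storage_root: str, web_root: str) -> bool:
    """A configurable storage path must never be the web root or sit inside it,
    or every stored upload becomes a URL the server will serve or execute."""
    root = os.path.realpath(storage_root)
    web = os.path.realpath(web_root)
    return os.path.commonpath([root, web]) != web


def validate_last_only(parts: List[Part]) -> List[str]:
    """The weak pattern the Django entry describes: several files arrive in one
    field and only the last one is run through validation."""
    check_part(parts[-1])
    return [p.filename for p in parts]


def validate_all(parts: List[Part], storage_root: str) -> List[str]:
    """Hardened form: cap the part count, validate every part, confine every destination."""
    if len(parts) > MAX_PARTS:
        raise UploadRejected("too many files in one request")
    return [destination(storage_root, check_part(p)) for p in parts]


def rejection_reason(fn, *args) -> Optional[str]:
    """Run a validator; return its rejection message, or None if it accepted the input."""
    try:
        fn(*args)
    except UploadRejected as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample request: a PHP web shell followed by a valid PNG.
    png = Part("photo.png", ALLOWED_TYPES[".png"] + b"\x00" * 32)
    shell = Part("shell.php", b"<?php system($_GET['c']); ?>")
    print(rejection_reason(validate_last_only, [shell, png]))        # None: the .php slipped through
    print(rejection_reason(validate_all, [shell, png], "uploads"))   # extension not allowed
    print(storage_root_allowed("/var/www/html/files", "/var/www/html"))  # False
```

validate_last_only is kept only for comparison; a handler should call validate_all per request and check storage_root_allowed whenever an administrator changes the storage path. Matching the leading bytes against the extension is a cheap first gate rather than a full content check; an image that passes it should still go through a decoder or re-encoder before it is served, and stored files should be served from outside the web root with a fixed Content-Type.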