Acyba AcyMailing Code Issue Vulnerability
Acyba AcyMailing is a suite of newsletter and marketing automation software from the Acyba team in France. A security vulnerability exists in Acyba AcyMailing versions prior to 8.3.0, which stems from incorrect input validation leading to the unrestricted upload of dangerous files...
baserCMS vulnerable to arbitrary file uploads
Overview baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files CWE-434. Taisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability t...
WisdomGarden Tronclass Code Issue Vulnerability
WisdomGarden Tronclass ilearn is a teaching platform from WisdomGarden, Inc. of China. A security vulnerability exists in WisdomGarden Tronclass that stems from improper access control when uploading files. Affected products and versions: Tronclass ilearn app version 2.3.2 and Tronclass ilearn web...
CVE-2023-25923
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629...
IBM Security Guardium Security Vulnerability
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provides data protection capabilities. The platform includes features such as a custom UI, report management and streamlined audit process building. A security vulnerability exists in IBM Security Guardium Ke...
K000133041: ModSecurity vulnerability CVE-2023-24021
Security Advisory Description Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. CVE-2023-24021 Impact The...
OPENSUSE-SU-2023:0075-1 Security update for python-Django
python-Django was updated to fix: - CVE-2023-24580: Prevent DOS in file uploads. bsc#1208082...
PT-2023-20571 · Sitecore · Sitecore Xp/Xm
Name of the Vulnerable Software and Affected Versions: Sitecore XP/XM version 10.3 Description: An issue exists where an authenticated Sitecore user can upload language files without restrictions, leading to direct code execution on the content management server. Recommendations: For Sitecore XP/...
CVE-2023-0351
The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. This could allow an attacker to upload files with executable command instructions...
CVE-2021-46875
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file...
GHSA-FRGR-C5F2-8QHH Denial of service in Jenkins Core
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and prior to LTS 2.387.1 is affected by the Apache Commons FileUpload library’s vulnerability CVE-2023-24998. This library is used to process uploaded files via the Stapler web framework, usually through StaplerRequest.getFile and...
cockpit-hq/cockpit is vulnerable to unrestricted file uploads
Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1...
SUSE-SU-2023:0704-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2023-24580: Fixed DOS in file uploads bsc#1208082...
Akuvox E11 Command Injection Vulnerability
Akuvox E11 is a SIP visual doorbell from Akuvox designed for villas, houses and apartments. The Akuvox E11 suffers from a command injection vulnerability that stems from a web server backend library that allows command injection in the device's phonebook contact feature. This could allow an...
Cockpit Code Issue Vulnerability
Cockpit is an interactive server management interface. A code issue vulnerability exists in versions prior to Cockpit 2.4.1 that stems from a lack of extension checking during file uploads. An attacker can exploit this vulnerability to execute malicious code on the server...
Jenkins Security Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins version 2.393 and earlier, LTS version 2.375.3 and earlier. An attacker could...
Atlassian Jira < 9.6.0 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 9.6.0. It is, therefore, affected by multiple vulnerabilities: - An issue in the underlying Spring framework which permits an authenticated attacker to perform a STOMP over...
CVE-2023-22890
SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition...
CVE-2021-4330
The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for...