Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability
Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution...
AZL-44475 CVE-2023-24021 affecting package mod_security for versions less than 2.9.7-8
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection...
AZL-43843 CVE-2023-24021 affecting package mod_security 2.9.4-1
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection...
CVE-2023-24021
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection...
DEBIAN-CVE-2023-24021
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection...
Design/Logic Flaw
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection...
Dasherr Code Issue Vulnerability
Dasherr is a dashboard for self-hosted services by the individual developer erohtar. Dasherr has a code issue vulnerability that stems from not limiting the number of file uploads. An attacker exploiting this vulnerability could execute arbitrary code on the server...
PT-2023-6757 · Apache +4
Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.9.7 Description: The issue is related to errors in security settings of the WAF engine for Apache ModSecurity. It may allow a remote attacker to bypass existing firewall rules. The problem also involves incorre...
CVE-2023-24021
CVE-2023-24021 affects ModSecurity’s handling of file uploads via the FILES_TMP_CONTENT collection, due to incorrect handling of '\0' bytes. The vulnerability can enable Web Application Firewall bypasses and buffer over-reads on the WAF when rules read FILES_TMP_CONTENT. Affected product: ModSecu...
The vulnerability in the Portainer container management platform lies in the improper limitation of a pathname to a restricted directory, allowing attackers to upload arbitrary files to the system.
The vulnerability in the Portainer container management platform is related to improper restriction of pathnames to a restricted directory. Exploiting this vulnerability allows a malicious actor to upload arbitrary files to the system remotely...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to stored cross-site scripting (XSS) attacks. The vulnerability exists due to unchecked file uploads via the Resource endpoint, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to stored cross-site scripting attacks. When a user uploads a file with an .svg extension and it is accessed directly, the server responds with Content-Type: image/svg+xml, causing the SVG to be processed as HTML and allowing an attacker to inject malicious JavaScript...
Microweber Code Issue Vulnerability
Microweber is an online store management system with drag-and-drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A code issue vulnerability exists in Microweber versions prior to 1.3.2, which stems fro...
AeroCMS Code Issue Vulnerability
AeroCMS is a content management system from the American company AeroCMS. AeroCMS v0.0.1 has a security vulnerability that stems from an arbitrary file upload in /admin/posts.php?source=editpost; an attacker can exploit the vulnerability to upload a webshell,...
OpenEMR Code Issue Vulnerability
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing. A code issue vulnerability exists in versions prior to OpenEMR 7.0.0.2 that stems...
WordPress plugin User Registration Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. A WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
WordPress theme Listingo Code Issue Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A WordPress theme is a theme for WordPress. A code issue vulnerability exists in WordPress theme Listingo versions prior to 3.2.7 that stems from not...