Zoo Management System Code Issue Vulnerability
Zoo Management System is a zoo management system by Carlo Montero, an individual developer. It provides an online and automated platform for zoo organizations to manage their daily records. A code issue vulnerability exists in Zoo Management System. An attacker could exploit the vulnerability by...
CVE-2022-2356
The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded...
WordPress Plugin Frontend File Manager & Sharing Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
PT-2022-4007 · Digi · Digi Connectport X2E
Name of the Vulnerable Software and Affected Versions: Digi ConnectPort X2D affected versions not specified Description: The issue is related to errors in access control, allowing a remote attacker to execute arbitrary code by uploading specially crafted python files. This is due to the lack of...
CVE-2022-36889
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...
WordPress Import any XML or CSV File to WordPress Plugin < 3.6.8 RCE Vulnerability
The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
CVE-2022-1565
The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wpallimportgetgz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary...
Input validation
The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wpallimportgetgz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary...
Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability
Researchers from Wordfence have sounded the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons. Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system a...
DSK DSKNet Code Issue Vulnerability
DSK DSKNet is a data interaction program from DSK Japan. Their time and attendance data can be accessed interactively from any site connected to your network. In DSK DSKNet 2.16.136.0 and 2.17.136.5, a security vulnerability exists in Touch settings that allows PDF uploads with PHP content and...
CVE-2022-2419 URVE Web Manager upload.php unrestricted upload
A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has be...
URVE Web Manager Code Issue Vulnerability
URVE Web Manager is a website manager from URVE. A security vulnerability exists in URVE Web Manager that can be exploited by attackers to upload files without restriction...
VulnCheck KEV: CVE-2022-26352
dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution...
IBM Engineering Lifecycle Optimization Security Vulnerability
IBM Engineering Lifecycle Optimization (ELO) is an extension of the Engineering Lifecycle Management (ELM) portfolio from International Business Machines (IBM). They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure the...
springframework: DoS via data binding to multipartFile or servlet part
A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...
GFI Mail Archiver Code Issue Vulnerability
GFI Mail Archiver is used by GFI Malta to easily protect, store and retrieve electronic communications. A security vulnerability exists in GFI Mail Archiver version 15.1, which stems from the insecure use of the Telerik Web UI plugin affected by CVE-2014-2217 and CVE-2017-11317, which can be...
django: Denial-of-service possibility in file uploads
A flaw was found in Django. The issue occurs when passing certain inputs to multipart forms, resulting in an infinite loop when parsing files...
Dice Code Issue Vulnerability
Dice is a front-end and back-end separated personal content management CMS system. A security vulnerability exists in Dice v4.2.0, which stems from allowing any file uploads and can be exploited by an attacker to remotely execute code...
WordPress Elementor Page Builder Plugin 3.6.0 - 3.6.2 RCE Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:elementor:websitebuilder"; ifdescription...
CVE-2022-1519
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit...