3575 matches found

Patchstack
added 2022/02/28 12:0 a.m., 8 views

WordPress azw woocommerce file uploads plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress azw woocommerce file uploads plugin (versions <= 1.0.1). Solution: No patched version available...

AI score: 2.5
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m., 9 views

WordPress azw woocommerce file uploads plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress azw woocommerce file uploads plugin (versions <= 1.0.1). Solution: No patched version available...

AI score: 4
Exploits: 0, References: 2, Affected Software: 1

ALT Linux
added 2022/02/25 12:0 a.m., 36 views

Security fix for the ALT Linux 10 package python3-module-django version 3.2.12-alt1

3.2.12-alt1 built Feb. 25, 2022 Anton Farygin in task 295709 Feb. 20, 2022 Anton Farygin - 3.2.11 - 3.2.12 - Fixes for the following security vulnerabilities: + CVE-2022-22818: Possible XSS via {% debug %} template tag. + CVE-2022-23833: Denial-of-service possibility in file uploads...

CVSS: 5, AI score: 6.9, EPSS: 0.49246
Exploits: 1

CNNVD
added 2022/02/21 12:0 a.m., 2 views

Zfaka code issue vulnerability

An input validation error vulnerability exists in Zfaka, a free, secure, stable and efficient card issuance system, which stems from the product's backend file upload function that does not validate files. An attacker could cause remote command execution through this vulnerability...

CVSS: 9.8, AI score: 5.8, EPSS: 0.0252
Exploits: 1, References: 4

OSV
added 2022/02/16 10:15 p.m., 1 views

CVE-2022-24984

Forms generated by JQueryForm.com before 2022-02-05 if file-upload capability is enabled allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content...

CVSS: 9.8, AI score: 7.4, EPSS: 0.0244
Exploits: 0, References: 3

CNNVD
added 2022/02/14 12:0 a.m., 2 views

Bbs Forum code issue vulnerability

Bbs Forum Patrol Cloud Light Forum System is a forum system. A code issue vulnerability exists in BBS Forum, which originates from the product's getType function not performing security checks on uploaded files. An attacker can use this vulnerability to upload arbitrary files. The following...

CVSS: 9.8, AI score: 8.6, EPSS: 0.01432
Exploits: 1, References: 2

OSV
added 2022/02/11 4:15 p.m., 24 views

CVE-2020-13675

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the si...

CVSS: 9.8, AI score: 9.4
Exploits: 0, References: 1

CNNVD
added 2022/02/09 12:0 a.m., 2 views

Siemens Comos code issue vulnerability

Siemens Comos is a plant engineering software solution from Siemens, a German company. A code issue vulnerability exists in Siemens Comos version V10.2, which stems from the COMOS Web component of COMOS allowing the upload and storage of arbitrary files on a Web server. An attacker could exploit...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00834
Exploits: 0, References: 4

Ubuntu
added 2022/02/07 12:41 p.m., 101 views

USN-5269-2: Django vulnerabilities

USN-5269-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to...

CVSS: 7.5, AI score: 6.8, EPSS: 0.49246
Exploits: 1

Ubuntu
added 2022/02/03 11:54 a.m., 94 views

USN-5269-1: Django vulnerabilities

Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a cross-site scripting attack. CVE-2022-22818 Alan Ryan discovered that Django incorrectly handled file uploads. A remote attacker could possibly use this issu...

CVSS: 7.5, AI score: 6.9, EPSS: 0.49246
Exploits: 1

OSV
added 2022/02/03 11:54 a.m., 1 views

USN-5269-1 python-django vulnerabilities

Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a cross-site scripting attack. CVE-2022-22818 Alan Ryan discovered that Django incorrectly handled file uploads. A remote attacker could possibly use this issu...

CVSS: 7.5, AI score: 6.9, EPSS: 0.49246
Exploits: 1, References: 3

CNNVD
added 2022/02/03 12:0 a.m., 4 views

Cisco Small Business buffer error vulnerability

Cisco Small Business is a switch from Cisco USA. A buffer error vulnerability exists in the Cisco Small Business RV Series routers that stems from an insufficient authorization enforcement mechanism in the context of a file upload. An attacker can exploit this vulnerability by sending a crafted...

CVSS: 10, AI score: 7.9, EPSS: 0.03563
Exploits: 0, References: 4

OpenVAS
added 2022/01/28 12:0 a.m., 20 views

Mageia: Security Advisory (MGASA-2013-0221)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.8, AI score: 6.8, EPSS: 0.02344
Exploits: 0, References: 5

NVD
added 2022/01/19 1:15 p.m., 10 views

CVE-2021-45808

jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server...

CVSS: 8.8, EPSS: 0.01648
Exploits: 1, References: 3

OSV
added 2022/01/19 1:15 p.m., 9 views

CVE-2021-45808

jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server...

CVSS: 8.8, AI score: 7
Exploits: 0, References: 3

ATTACKERKB
added 2022/01/18 1:40 p.m., 2 views

CVE-2022-29454

Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin = 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated...

CVSS: 4.3, AI score: 4.9, EPSS: 0.00242
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2022/01/17 12:0 a.m., 2 views

Crater code issue vulnerability

Crater Invoice Crater is an open source web and mobile application from Crater Invoice, Inc. for tracking expenses, payments and creating professional invoices and estimates. A code issue vulnerability exists in Crater that stems from crater-invoice/crater uploading unlimited files of a dangerous...

CVSS: 7.2, AI score: 7.1, EPSS: 0.01413
Exploits: 1, References: 3

Metasploit
added 2022/01/05 5:42 p.m., 148 views

Wordpress Plugin Catch Themes Demo Import RCE

The Wordpress Plugin Catch Themes Demo Import versions use exploit/multi/http/wpcatchthemesdemoimport msf exploitwpcatchthemesdemoimport show targets ...targets... msf exploitwpcatchthemesdemoimport set TARGET msf exploitwpcatchthemesdemoimport show options ...show and set options... msf...

CVSS: 7.2, AI score: 7.1, EPSS: 0.56646
Exploits: 6

OSV
added 2021/12/27 6:15 p.m., 19 views

CVE-2021-43856

Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser e.g...

CVSS: 5.4, AI score: 6.1
Exploits: 0, References: 3

Prion
added 2021/12/27 6:15 p.m., 13 views

Cross site scripting

Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser e.g...

CVSS: 3.5, AI score: 5.3, EPSS: 0.00887
Exploits: 1, References: 3, Affected Software: 1