3575 matches found
CVE-2021-40344
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution...
Rocket.Chat: Content-Security Policy bypass with File Uploads
The default Content-Security Policy (CSP) in Rocket.Chat versions 4.0.3 and 3.18.2 was bypassed by uploading a JavaScript file through the file upload feature. This file could then be included in the web application, allowing the execution of arbitrary scripts...
CVE-2021-39352
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...
Design/Logic Flaw
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...
firefly-iii code issue vulnerability
firefly-iii is a free and open source personal finance manager. firefly-iii suffers from a code issue vulnerability that stems from the program being vulnerable to an unrestricted upload of dangerous types of files. No detailed vulnerability details are currently available...
CVE-2021-20130
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface...
CVE-2021-20131
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface...
Remote code execution
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface...
Remote code execution
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface...
CVE-2021-20131
CVE-2021-20131 concerns ManageEngine ADManager Plus Build 7111, where a post-authentication remote code execution flaw exists due to improperly validated file uploads in the Personalization interface. The root cause is inadequate validation of uploaded files, enabling an attacker with valid acces...
CVE-2021-20130
CVE-2021-20130: In ManageEngine ADManager Plus (Build 7111), a post-authentication remote code execution vulnerability exists due to improperly validated file uploads in the PasswordExpiry interface. Exploitation would require authenticated access; the exact exploit details are not provided in t...
IR615 Router File Upload Vulnerability
The IR615 Router is a 4G industrial router from Rimu Technologies, China. The IR615 Router is vulnerable to file uploads, which can be exploited by attackers to upload malicious files as an administrator...
CVE-2021-39317
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...
Design/Logic Flaw
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or /welcome.ph...
WordPress code issue vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. uninstall is one of the plugins used to completely uninstall WordPress. WordPress Plugin: a code issue exists due to a missin...
PT-2021-22526 · Accesspress · Accesspress-Parallax +6
Name of the Vulnerable Software and Affected Versions: AccessPress Demo Importer versions 1.0.6 and earlier; accesspress-basic versions 3.2.1 and earlier; accesspress-lite versions 2.92 and earlier; accesspress-mag versions 2.6.5 and earlier; accesspress-parallax version 4.5; accesspress-root version...