
3575 matches found

The Hacker News
added 2021/08/25 10:28 a.m. | 51 views

B. Braun Infusomat Pumps Could Let Attackers Remotely Alter Medication Dosages

Cybersecurity researchers have disclosed five previously unreported security vulnerabilities affecting B. Braun's Infusomat Space Large Volume Pump and SpaceStation that could be abused by malicious parties to tamper with medication doses without any prior authentication. McAfee, which discovered...

CVSS 10 | AI score 0.4 | EPSS 0.05404
Exploits: 4
CNNVD
added 2021/08/16 12:0 a.m. | 3 views

Simple Image Gallery Web App Code Issue Vulnerability

Simple Image Gallery Web App is a web-based application that can be managed by multiple users. Users can store their images in this web application. An access control error vulnerability exists in Simple Image Gallery Web App, which stems from an unrestricted file upload of Simple Image Gallery We...

CVSS 9.8 | AI score 5.8 | EPSS 0.0146
Exploits: 1 | References: 1
Cvelist
added 2021/08/06 10:36 p.m. | 16 views

CVE-2020-21356

An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads...

AI score 4.9 | EPSS 0.00897
Exploits: 1 | References: 1
CNNVD
added 2021/08/06 12:0 a.m. | 2 views

Jetbrains JetBrains TeamCity Security Vulnerability

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Jetbrains, a Czech company. The tool provides continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in versions of JetBrains TeamCity prior...

CVSS 5.3 | AI score 5.7 | EPSS 0.00708
Exploits: 0 | References: 1
Packet Storm
added 2021/07/30 12:0 a.m. | 227 views

ObjectPlanet Opinio 7.13 Shell Upload

Exploit Authors: Timothy Tan, Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26806 Exploit Title: ObjectPlanet Opinio version 7.13 allows unrestricted file upload Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timoth...

AI score 7.2 | EPSS 0.05967
Exploits: 6
CNVD
added 2021/07/27 12:0 a.m. | 19 views

SourceCodester E-Commerce Website File Upload Vulnerability

SourceCodester E-Commerce Website is an application. A PHP e-commerce website project for bookstores. SourceCodester E-Commerce Website v 1.0 is vulnerable to file uploads, which can be exploited by attackers to execute arbitrary code via file uploads to prodViewUpdate.php...

CVSS 9.8 | AI score 5.5 | EPSS 0.01874
Exploits: 1 | References: 1
CNVD
added 2021/07/26 12:0 a.m. | 15 views

Victor CMS arbitrary file upload vulnerability

Victor CMS is an open source content management system from the developers of Victor Alagwu Software in Nigeria. Version 1.0 of Victor CMS is vulnerable to arbitrary file uploads. An attacker can execute arbitrary code by uploading files to CMS site-masteradminincludesadminaddpost.php...

CVSS 9.8 | AI score 6.6 | EPSS 0.01874
Exploits: 1 | References: 1
CNVD
added 2021/07/23 12:0 a.m. | 9 views

SourceCodester Alumni Management System Code Issue Vulnerability

SourceCodester Alumni Management System is a PHP, MySQL-based alumni management system from SourceCodester, Inc. A security vulnerability exists in SourceCodester Alumni Management System version 1.0, which could be exploited by attackers to execute arbitrary code to...

CVSS 9.8 | AI score 6 | EPSS 0.01479
Exploits: 0 | References: 1
CNNVD
added 2021/07/22 12:0 a.m. | 4 views

SourceCodester Alumni Management System Code Issue Vulnerability

SourceCodester Alumni Management System is a PHP, MySQL-based alumni management system from SourceCodester, Inc. A security vulnerability exists in SourceCodester Alumni Management System version 1.0, which could be exploited by attackers to execute arbitrary code to...

CVSS 9.8 | AI score 6.1 | EPSS 0.01479
Exploits: 0 | References: 2
OSV
added 2021/07/07 1:15 p.m. | 1 views

CVE-2021-34623

A vulnerability in the image uploader component found in the /src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3...

CVSS 9.8 | AI score 5.8 | EPSS 0.02101
Exploits: 2 | References: 1
EUVD
added 2021/07/07 12:21 p.m. | 2 views

EUVD-2021-21274

A vulnerability in the file uploader component found in the /src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3...

CVSS 9.8 | AI score 9.4 | EPSS 0.06744
Exploits: 2 | References: 1
CVE
added 2021/07/07 12:21 p.m. | 71 views

CVE-2021-34623

The CVE-2021-34623 entry describes an Arbitrary File Upload vulnerability in the Image Uploader component of the ProfilePress WordPress plugin, affecting versions 3.0.0–3.1.3. The issue allows attackers to upload arbitrary files during user registration or profile updates. Connected sources indic...

CVSS 9.8 | AI score 9.5 | EPSS 0.02101
Exploits: 2 | References: 1 | Affected Software: 1
CNNVD
added 2021/07/07 12:0 a.m. | 2 views

WordPress Code Issue Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. The WordPress ProfilePress plugin is vulnerable to arbitrary file uploads, which can be exploited...

CVSS 9.8 | AI score 5.8 | EPSS 0.02101
Exploits: 2 | References: 2
CNNVD
added 2021/07/07 12:0 a.m. | 3 views

WordPress Code Issue Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in WordPress ProfilePress plugin versions 3.0.0 through 3.1.3, whi...

CVSS 9.8 | AI score 8.6 | EPSS 0.06744
Exploits: 2 | References: 2
Positive Technologies
added 2021/07/05 12:0 a.m. | 4 views

PT-2021-20591

Name of the Vulnerable Software and Affected Versions: ProfilePress WordPress plugin versions 3.0.0 through 3.1.3 Description: A vulnerability in the file uploader component found in the /src/Classes/FileUploader.php file made it possible for users to upload arbitrary files during user registrati...

CVSS 9.8 | AI score 9.2 | EPSS 0.06744
Exploits: 2 | References: 7
CNVD
added 2021/07/05 12:0 a.m. | 13 views

MediaWiki suffers from an unspecified vulnerability (CNVD-2021-49043)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in the FileImporter extension of MediaWiki prior to 1.36, which stems from...

CVSS 8.8 | AI score 6.7 | EPSS 0.01021
Exploits: 1 | References: 1
CNVD
added 2021/07/05 12:0 a.m. | 13 views

File Upload Vulnerability in Travel Management System in PHP

Travel Management System in PHP is an automated system designed to help customers easily check their parcel details while helping travel companies track packages online. A file upload vulnerability exists in Travel Management System in PHP, which can be exploited by an attacker to upload a webshe...

AI score 7.3
Exploits: 0
OSV
added 2021/07/02 1:15 p.m. | 17 views

CVE-2021-36132

An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations specifically fil...

CVSS 8.8 | AI score 6.7
Exploits: 0 | References: 2
Prion
added 2021/07/02 1:15 p.m. | 16 views

Design/Logic Flaw

An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations specifically fil...

CVSS 6 | AI score 8.5 | EPSS 0.01021
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2021/07/02 12:59 p.m. | 19 views

CVE-2021-36132

An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations specifically fil...

AI score 8.8 | EPSS 0.01021
Exploits: 1 | References: 2