MintHCM Cross-Site Scripting Vulnerability
MintHCM is human resources management software developed by MintHCM. A cross-site scripting vulnerability exists in MintHCM version 3.0.8. The vulnerability stems from the Import feature, which allows an attacker to deliver cross-site scripting (XSS) payloads via file uploads, which can be exploited by ...
DEBIAN-CVE-2021-29447
WordPress is an open source CMS. A user with the ability to upload files, such as an Author, can exploit an XML parsing issue in the Media Library, leading to XXE attacks. This requires the WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...
Cisco Small Business RV Series Routers Operating System Command Injection Vulnerability
Cisco Small Business RV Series Routers are a line of RV Series routers from Cisco. The Cisco Small Business RV Series Routers contain an operating system command injection vulnerability that can be exploited by a remote attacker to execute arbitrary commands, or to bypass authentication and upload files on th...
Django Directory Traversal Vulnerability (CNVD-2021-45275)
Django is an advanced Python web framework that encourages rapid development and clean, functional design. A directory traversal vulnerability exists in MultiPartParser in Django. The vulnerability can be exploited to perform directory traversal via an uploaded file with a specially crafted filename...
CVE-2021-24212
The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload arbitrary files to the site, which by default will end up in wp-content/uploads/hstmp...
The vulnerability in WebReports servers stems from insufficient protection of the website structure, allowing attackers to upload malicious files and execute arbitrary code.
The vulnerability in the WebReports report server is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to download malicious files and execute arbitrary code...
Code injection
An issue was discovered in Nokia NetAct 18A. A remote user authenticated to the Nokia NetAct web page can visit the Site Configuration Tool section of the site and upload arbitrary, potentially dangerous files without restriction via the /netact/sct dir parameter in conjunction with the...
CVE-2021-21357
TYPO3 is an open source PHP-based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14 and 11.1.1, due to improper input validation, attackers can bypass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework...
Input validation
TYPO3 is an open source PHP-based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14 and 11.1.1, due to improper input validation, attackers can bypass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework...
GHSA-3VG7-JW9M-PC3F Broken Access Control in Form Framework
Problem: Due to improper input validation, attackers can bypass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework, this allows attackers to explicitly allow arbitrary mime-types...
Broken Access Control in Form Framework
Problem: Due to improper input validation, attackers can bypass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework, this allows attackers to explicitly allow arbitrary mime-types...
CVE-2021-21357
TYPO3 Form Framework vulnerability (CVE-2021-21357): Improper input validation in the Form Designer enables bypass of predefined option restrictions, allowing the upload of arbitrary MIME types and the persistence of files in writable TYPO3 directories. Requires a valid backend user to exploit. Affects TYPO3...
PT-2021-14440 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.40, 9.5.25, 10.4.14, 11.1.1. Description: The issue arises from improper input validation, allowing attackers to bypass restrictions of predefined options and submit arbitrary data in the Form Designer backend modul...
Cross-site Scripting (XSS)
eZ Platform Kernel is vulnerable to Cross-site Scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript code in a user's browser by uploading malicious .html and .js files...
VulnCheck KEV: CVE-2021-24212
The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload arbitrary files to the site, which by default will end up in wp-content/uploads/hstmp...
WordPress PowerPress Code Issue Vulnerability
WordPress PowerPress is an open source WordPress application plugin that provides blogging functionality. A code issue vulnerability exists in the WordPress PowerPress plugin before 8.3.8 that allows arbitrary file uploads...
File Upload Vulnerability in dotCMS
dotCMS is a content management system (CMS). A file upload vulnerability exists in dotCMS, which can be exploited by an attacker to upload arbitrary files...
Pryaniki Cross-Site Scripting Vulnerability
Pryaniki is a website building system for creating a corporate communication platform, from the Russian company Pryaniky. The platform is used for organizing communication within the company, motivational planning, idea management projects and other business processes. Pryaniki 6.44.3 suffers from...
Mozilla Firefox Type Confusion Code Execution Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A type confusion vulnerability exists in Mozilla Firefox when using the logical assignment operator, which prevents users from uploading files. No details of the vulnerability are provided at this time...
RZK Fortilogger Code Issue Vulnerability
RZK FortiLogger is a system from RZK (Turkey) that provides instant status tracking, logging, searching/filtering, reporting and hotspotting for FortiGate firewalls on Windows systems. A security vulnerability exists in FortiLogger 4.4.2.2, which originates from being affected by arbitrary file...