Source: Drupal (added 2020/11/25 12:00 a.m.)

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

The Drupal project uses the PEAR Archive_Tar library, which has released a security update that impacts Drupal. For more information see CVE-2020-28948 and CVE-2020-28949. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

CVSS 7.8, AI score 1.5, EPSS 0.93364
Exploits: 5, References: 15
Source: CNVD (added 2020/11/19 12:00 a.m.)

Unauthorized File Upload Vulnerability in Cisco Security Manager

Cisco Security Manager is an enterprise-class security management application that provides visibility and control over Cisco security and network devices. An unauthorized file upload vulnerability exists in Cisco Security Manager, which can be exploited to upload arbitrary files...

AI score 7.2
Exploits: 0, References: 1
Source: CNNVD (added 2020/11/18 12:00 a.m.)

Multiple Schneider Electric Products Buffer Error Vulnerabilities

Schneider Electric Modicon Quantum and others are products of Schneider Electric, France. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Schneider Electric Modicon M340 is a mid-range PLC programmable...

CVSS 8.8, AI score 7.5, EPSS 0.00975
Exploits: 0, References: 4
Source: Prion (added 2020/11/17 9:15 p.m.)

Design/Logic Flaw

An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree...

CVSS 7.5, AI score 9.3, EPSS 0.00841
Exploits: 1, References: 1, Affected software: 1
Source: CNVD (added 2020/11/17 12:00 a.m.)

HorizontCMS File Upload Vulnerability

HorizontCMS is an open source, responsive content management system (CMS) built on Laravel 6, Vue.js 2.6 and Bootstrap 3.4. HorizontCMS 1.0.0-beta is vulnerable to unrestricted file upload. An attacker can exploit this vulnerability to upload PHP code inside a zip file and then execute the extracted PHP files via HTTP GET...

CVSS 9.0, AI score 1.4, EPSS 0.02255
Exploits: 1, References: 1
Source: HackerOne (added 2020/10/26 10:13 p.m.)

Basecamp: Lack of the macOS quarantine attribute (com.apple.quarantine) leads to multiple issues including RCE

Hi, basecamp team. HEY macOS client does not properly validate file uploads on its macOS inbox. That is because, by not setting the com.apple.quarantine attribute in the metadata of an executable file when it is uploaded, you allow the file to be executed on macOS without being checked by...

Exploits: 0
Source: VulnCheck KEV (added 2020/10/20 12:00 a.m.)

VulnCheck KEV: CVE-2017-11357

Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution...

CVSS 9.8, AI score 7.7, EPSS 0.93676
Exploits: 5, References: 1
Source: Ubuntu (added 2020/10/19 4:27 p.m.)

USN-4590-1: Collabtive vulnerability

It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause Collabtive to execute arbitrary code. CVE-2015-0258...

CVSS 8.8, AI score 8.3, EPSS 0.12936
Exploits: 3
Source: Tenable Nessus (added 2020/10/19 12:00 a.m.)

Ubuntu 16.04 LTS : Collabtive vulnerability (USN-4590-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4590-1 advisory. It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause...

CVSS 8.8, AI score 8.3, EPSS 0.12936
Exploits: 3, References: 2
Source: NVD (added 2020/09/24 4:15 p.m.)

CVE-2020-12843

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used...

CVSS 9.8, EPSS 0.00518
Exploits: 1, References: 2
Source: Cvelist (added 2020/09/24 3:20 p.m.)

CVE-2020-12843

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used...

AI score 9.5, EPSS 0.00518
Exploits: 1, References: 2
Source: Cvelist (added 2020/09/24 3:15 p.m.)

CVE-2020-12837

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used...

AI score 7.6, EPSS 0.00351
Exploits: 1, References: 2
Source: BDU FSTEC (added 2020/09/24 12:00 a.m.)

Vulnerability in the AcyMailing email marketing manager caused by missing restrictions on file uploads, allowing an attacker to execute arbitrary code

The vulnerability in the AcyMailing email marketing manager is related to missing restrictions on file uploads. Exploiting it allows a remote attacker to execute arbitrary code...

CVSS 10.0, AI score 6.9, EPSS 0.00539
Exploits: 0, References: 4, Affected software: 1
Source: Prion (added 2020/09/18 2:15 a.m.)

Design/Logic Flaw

webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types...

CVSS 5.0, AI score 7.6, EPSS 0.00337
Exploits: 0, References: 3, Affected software: 1
Source: Microsoft CVE (added 2020/09/08 7:00 a.m.)

SQL Server Reporting Services Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports. An attacker who successfully exploited this vulnerability could upload file types that were disallowed by an administrator. To exploit the...

CVSS 6.5, AI score 3.5, EPSS 0.04445
Exploits: 0
Source: CNVD (added 2020/09/04 12:00 a.m.)

PHPStudy suffers from nginx parsing vulnerability

PHPStudy is an integrated package providing a PHP debugging environment. PHPStudy suffers from an nginx parsing vulnerability, which an attacker can exploit to achieve arbitrary code execution through the upload function by uploading files of a legitimate type that contain malicious code to the server...

AI score 8.0
Exploits: 0
Source: UbuntuCve (added 2020/09/02 5:15 p.m.)

CVE-2020-14209

Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control e.g., to let .noexe files be executed as PHP co...

CVSS 8.8, AI score 7.3, EPSS 0.10166
Exploits: 4, References: 3
Source: NVD (added 2020/09/01 4:15 p.m.)

CVE-2020-23971

gmapfp.org Joomla Component GMapFP J3.30pro is affected by insecure permissions. An attacker can reach the upload function without authenticating to the application and can also upload arbitrary files, because the upload restrictions can be bypassed by changing the content-type and name...

CVSS 7.5, AI score 7.6, EPSS 0.00168
Exploits: 1, References: 1
Source: Cvelist (added 2020/09/01 3:05 p.m.)

CVE-2020-23971

gmapfp.org Joomla Component GMapFP J3.30pro is affected by insecure permissions. An attacker can reach the upload function without authenticating to the application and can also upload arbitrary files, because the upload restrictions can be bypassed by changing the content-type and name...

AI score 7.6, EPSS 0.00168
Exploits: 1, References: 1
Source: CNVD (added 2020/09/01 12:00 a.m.)

WordPress wpDiscuz Remote Code Execution Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation; it supports setting up personal blog sites on servers running PHP and MySQL. A remote code execution vulnerability exists in the WordPress wpDiscuz plugin in versions prior to 7.0.4 that allows an...

CVSS 10.0, AI score 8.1, EPSS 0.94221
Exploits: 18, References: 1