The vulnerability in Zoho ManageEngine ServiceDesk Plus, an IT support service, stems from missing restrictions on file uploads, allowing an attacker to upload arbitrary files.
The vulnerability in Zoho ManageEngine ServiceDesk Plus stems from missing restrictions on file uploads. Exploiting it allows a malicious actor to upload arbitrary files through the login page settings...
The vulnerability in Telerik UI for ASP.NET AJAX, caused by weaknesses in the RadAsyncUpload encryption, allows an attacker to upload arbitrary files or execute arbitrary code.
The vulnerability in Telerik UI for ASP.NET AJAX stems from weaknesses in the RadAsyncUpload encryption mechanism. Exploiting it allows a malicious actor to upload arbitrary files or execute arbitrary code...
Fedora 30 : wordpress (2020-fa71ca92f8)
WordPress 5.4.1 Security Updates. Seven security issues affect WordPress versions 5.4 and earlier. If you haven't yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues: - Props to Muaz Bin Abdus Sattar and Jannes who both independently...
Fedora 31 : wordpress (2020-7701f49327)
WordPress 5.4.1 Security Updates. Seven security issues affect WordPress versions 5.4 and earlier. If you haven't yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues: - Props to Muaz Bin Abdus Sattar and Jannes who both independently...
Topcoder: CSRF on https://apps.topcoder.com/wiki/pages/doattachfile.action
Summary: Hi: There is a CSRF on attaching files to wiki pages. Steps To Reproduce: There is no CSRF token or anything like that on https://apps.topcoder.com/wiki/pages/doattachfile.action?pageId= . I added the PoC HTML file below. When someone opens this HTML file, or we can add it into our...
WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File Uploads
Description Authenticated users with the capability to upload files could upload files with specially crafted names containing utf8 characters to execute JavaScript when later viewed...
CVE-2020-1745
A file inclusion vulnerability was found in the AJP connector, which is enabled with a default AJP port of 8009, in Undertow 2.0.29.Final and earlier; it was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a...
Remote code execution
A file inclusion vulnerability was found in the AJP connector, which is enabled with a default AJP port of 8009, in Undertow 2.0.29.Final and earlier; it was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a...
Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for the PHP platform, category: web applications. Exploit Title: Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin). Author: Besim ALTINOK. Vendor Homepage: https://www.maiansupport.com. Software Link: https://www.maiansupport.com/zip.html. Version: v4.3. Tested on: Xampp. Credit:...
A file upload vulnerability exists in CRMEB Open Edition V2.6.13.
The CRMEB mall system is a new-retail mobile e-commerce system built on ThinkPHP 6.0 and Vue. It combines customer relationship management with a marketing e-commerce system, and can quickly accumulate customers, analyse member data, intelligently convert customers,...
CVE-2020-11011
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8...
Design/Logic Flaw
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8...
PT-2020-12210 · Sysaid · Sysaid On-Premise
Name of the Vulnerable Software and Affected Versions: SysAid On-Premise version 20.1.11 Description: The issue allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. This is possible because, by default, the AJP...
Ubuntu 16.04 LTS / 18.04 LTS : PHP vulnerabilities (USN-4330-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4330-1 advisory. It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. CVE-2020-706...
USN-4330-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. CVE-2020-7062 It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information...
Cross-Site Scripting (XSS)
PHP is vulnerable to denial of service. It was discovered that PHP did not limit the maximum number of files that can be uploaded in one request. A remote attacker could use this flaw to cause a denial of service by making the PHP interpreter consume large amounts of system resources dealing with...
Acyba AcyMailing Code Issue Vulnerability
Acyba AcyMailing is a suite of newsletter and marketing automation software from the Acyba team in France. A code issue vulnerability exists in Acyba AcyMailing versions prior to 6.9.2, which arises from improper handling of file uploads and can be exploited by a remote attacker to execute...
CVE-2020-10934
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins...
Design/Logic Flaw
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins...