3591 matches found

Prion, added 2019/09/18 12:15 p.m., 17 views

Cross site scripting

Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack...

CVSS 3.5 | AI score 5.3 | EPSS 0.00681
Exploits: 0 | References: 2 | Affected software: 1
OSV, added 2019/09/17 12:15 p.m., 3 views

CVE-2019-15131

In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0, a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could...

CVSS 9.8 | AI score 7.4 | EPSS 0.01883
Exploits: 0 | References: 2
NVD, added 2019/08/27 1:15 p.m., 7 views

CVE-2017-18592

The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wpupload directory for file uploads...

CVSS 7.5 | AI score 7.7 | EPSS 0.01377
Exploits: 0 | References: 1
OSV, added 2019/08/27 1:15 p.m., 1 view

CVE-2017-18592

The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wpupload directory for file uploads...

CVSS 7.5 | AI score 5.8 | EPSS 0.01377
Exploits: 0 | References: 1
CVE, added 2019/08/27 12:07 p.m., 96 views

CVE-2017-18592

CVE-2017-18592 affects the WordPress plugin woocommerce-catalog-enquiry in versions older than 3.1.0. The issue is an incorrect wp_upload directory used for file uploads, so uploaded files are written to an improper path. Related sources describe this as an Arbitrary File Upload risk, wit...

CVSS 7.5 | AI score 7.6 | EPSS 0.01377
Exploits: 0 | References: 1 | Affected software: 1
CNVD, added 2019/08/27 12:00 a.m., 4 views

WordPress wp-file-upload plugin code issue vulnerability

WordPress is a blogging platform developed by the WordPress Foundation in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-file-upload is a file upload plugin for it. A code issue vulnerability exists in the WordPress wp-file-upload plugin,...

CVSS 7.5 | AI score 7 | EPSS 0.01389
Exploits: 0 | References: 1
Cvelist, added 2019/08/16 2:44 a.m., 33 views

CVE-2019-15104

An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. As a result, a low-privileged user can gain SYSTEM privileges on the server, and can consequently upload a malicious...

AI score 9.2 | EPSS 0.07789
Exploits: 1 | References: 3
NVD, added 2019/08/09 2:15 p.m., 20 views

CVE-2019-14794

The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders...

CVSS 7.5 | AI score 7.6 | EPSS 0.01415
Exploits: 0 | References: 1
Prion, added 2019/08/09 2:15 p.m., 13 views

Design/Logic Flaw

The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders...

CVSS 5 | AI score 7.6 | EPSS 0.01415
Exploits: 0 | References: 1 | Affected software: 1
CVE, added 2019/08/09 1:33 p.m., 70 views

CVE-2019-14794

CVE-2019-14794 affects the WordPress Meta Box plugin prior to version 4.16.2. The vulnerability arises from mishandling file uploads to custom folders, with a CVSS3 base score of 7.5 (network attack vector, low attack complexity, no privileges required, high integrity impact). Public exploitation detail...

CVSS 7.5 | AI score 7.5 | EPSS 0.01415
Exploits: 0 | References: 1 | Affected software: 1
BDU FSTEC, added 2019/07/30 12:00 a.m., 4 views

The vulnerability in the automated personal data management system “Tula” is an unrestricted upload of files of a dangerous type, allowing an attacker to execute arbitrary code.

The vulnerability in the automated personal data management system “Tula” is related to unrestricted upload of files of a dangerous type. Exploiting it allows an attacker to execute arbitrary code by uploading a specially crafted file to the server with a specially crafted POST...

CVSS 10 | AI score 6
Exploits: 0 | Affected software: 1
CNVD, added 2019/07/23 12:00 a.m., 2 views

RANGER Studio Directus Code Execution Vulnerability (CNVD-2019-39679)

RANGER Studio Directus is an open source headless CMS and API for managing custom databases, from RANGER Studio in the U.S. The Directus API is the component that adds a RESTful API layer to new or existing SQL databases. A security vulnerability exists in RANGER Studio Directus 7...

CVSS 8.8 | AI score 7.6 | EPSS 0.02577
Exploits: 1 | References: 1
OSV, added 2019/07/19 3:15 p.m., 13 views

CVE-2019-13979

In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads//originals remote code execution...

CVSS 8.8 | AI score 7.8
Exploits: 0 | References: 2
CVE, added 2019/07/19 2:18 p.m., 99 views

CVE-2019-13980

Directus 7 API through version 2.3.0 blocks PHP uploads only when running under Apache; under nginx, the uploads/_/originals path can still lead to remote code execution. No exploitation details are provided in the given documents beyond this risk description. Remediation/patch details are not included in the connected...

CVSS 8.8 | AI score 9 | EPSS 0.0245
Exploits: 1 | References: 1 | Affected software: 1
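The two Directus entries above describe a protection that holds only under Apache. The usual reason a fix behaves that way is that it ships as a per-directory .htaccess rule, which nginx never reads, so an nginx deployment keeps executing PHP dropped into the upload tree. The server block below is an added example, not Directus's own configuration, showing how to make the upload directory non-executable on the nginx side regardless of what the application ships; the /uploads/ prefix is assumed from the uploads/_/originals path named on the page, and the site-wide PHP location it refers to is the conventional `location ~ \.php$ { fastcgi_pass ...; }` block.

```nginx
# Added example (not Directus's config): refuse to hand anything under the
# upload tree to the PHP interpreter, whatever .htaccess the app ships.
server {
    listen 80;
    server_name cms.example.test;   # assumed hostname
    root /srv/directus/public;      # assumed document root

    # "^~" makes this prefix location win outright, so the regex-based
    # "location ~ \.php$" below is never consulted for /uploads/... URIs.
    location ^~ /uploads/ {
        # Nested regex: any PHP-family extension under uploads is refused
        # before try_files runs, whether or not the file exists. Matching
        # only "\.php$" would leave .phtml/.phar/.php5 uploads executable.
        location ~* \.(php|phtml|phar|php[0-9])$ {
            return 403;
        }
        # Everything else is served as a static file, never executed, and
        # the client is told not to second-guess the declared type.
        default_type application/octet-stream;
        add_header X-Content-Type-Options nosniff always;
        try_files $uri =404;
    }

    # Site-wide PHP handler (the one an unprotected upload would reach).
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }
}
```

To check the deployment rather than the config file, request a PHP-family path under the upload tree that does not exist, for example `curl -sI http://cms.example.test/uploads/_/originals/probe.php`: the nested location must answer 403 for every such request. A 404 or 200 means the request reached the site-wide PHP location, i.e. the upload tree is still executable.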
NVD, added 2019/07/10 8:15 p.m., 34 views

CVE-2019-0327

SAP NetWeaver for Java Application Server - Web Container, engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5, servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5, allows an attacker to upload files including script files without proper file format validation...

CVSS 7.2 | AI score 7 | EPSS 0.02098
Exploits: 0 | References: 3
Prion, added 2019/07/10 8:15 p.m., 19 views

Input validation

SAP NetWeaver for Java Application Server - Web Container, engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5, servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5, allows an attacker to upload files including script files without proper file format validation...

CVSS 6.5 | AI score 7 | EPSS 0.02098
Exploits: 0 | References: 3 | Affected software: 1
Prion, added 2019/07/10 8:15 p.m., 12 views

Command injection

In Hunesion i-oneNet versions 3.0.7 through 3.0.53 and 4.0.4 through 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system comman...

CVSS 10 | AI score 9.6 | EPSS 0.01858
Exploits: 0 | References: 1 | Affected software: 1
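Three of the entries above fail in the same place: Zulip validated MIME types incompletely (stored XSS through an uploaded file), SAP NetWeaver accepted script files without file format validation, and Hunesion i-oneNet checked neither extension nor type (webshell). The following is an added example of the server-side handling that closes all three, written as reference code rather than taken from any of those products: the decision is made from an extension allow-list plus the file's own magic bytes, never from the client's Content-Type; the file is stored under a server-generated name outside the web root; and it is served with headers that stop a browser from rendering it as active content. The allow-list, the storage root UPLOAD_ROOT and the sample uploads are constructed assumptions.

```python
"""Hardened upload handling (added example, not code from Zulip, SAP or Hunesion).

Decide by allow-listed extension plus magic bytes, never by the client's
Content-Type; store under a server-generated name outside the web root; serve
with headers that forbid rendering as active content.
"""
import os
import re
import secrets

# Allow-list: extension -> accepted leading byte sequences ("magic numbers").
# Anything absent here (.html, .svg, .xml, .js, .php, .jsp, ...) is rejected
# whatever the client claims in its Content-Type header.  (Assumed policy.)
MAGIC = {
    ".png":  [b"\x89PNG\r\n\x1a\n"],
    ".jpg":  [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif":  [b"GIF87a", b"GIF89a"],
    ".pdf":  [b"%PDF-"],
}

# Content-Type the server will send, derived from the validated extension only.
SERVED_TYPE = {
    ".png": "image/png", ".jpg": "image/jpeg", ".jpeg": "image/jpeg",
    ".gif": "image/gif", ".pdf": "application/pdf",
}

# Assumed storage root. It must sit outside the document root so nothing stored
# here is reachable, let alone executable, through a direct URL.
UPLOAD_ROOT = "/var/lib/app/uploads"


def validate_upload(filename: str, data: bytes, client_type: str) -> str:
    """Return the validated extension or raise ValueError.

    The client-supplied Content-Type takes no part in the decision; it is kept
    only so the rejection message records what the client claimed.
    """
    # basename() discards any directory part, so "../../x.png" cannot traverse.
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    if ext not in MAGIC:
        raise ValueError(f"extension {ext!r} not allowed (client said {client_type})")
    if not any(data.startswith(sig) for sig in MAGIC[ext]):
        raise ValueError(f"body is not a {ext} file (client said {client_type})")
    return ext


def storage_path(ext: str) -> str:
    """Server-generated name: the client's filename never touches the filesystem."""
    path = os.path.join(UPLOAD_ROOT, secrets.token_hex(16) + ext)
    # Belt and braces: confirm the final path is still confined to UPLOAD_ROOT.
    root = os.path.normpath(UPLOAD_ROOT)
    if os.path.commonpath([root, os.path.normpath(path)]) != root:
        raise ValueError("storage path escaped the upload root")
    return path


def download_headers(ext: str, original_name: str) -> dict:
    """Headers for serving a validated file: forced download, no MIME sniffing,
    and a sandboxed CSP so even a mis-served file cannot script the origin."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(original_name))
    return {
        "Content-Type": SERVED_TYPE[ext],
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox",
    }


if __name__ == "__main__":
    # Constructed samples: a genuine PNG header, a JSP stub with a lying
    # Content-Type, and an HTML file carrying an image extension.
    samples = [
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16, "image/png"),
        ("shell.jsp", b'<% out.println("shell"); %>', "image/jpeg"),
        ("evil.png", b"<html><script>alert(document.cookie)</script>", "image/png"),
    ]
    for name, body, ctype in samples:
        try:
            ext = validate_upload(name, body, ctype)
            print(f"accept {name}: stored as {storage_path(ext)}")
            print("  serve with", download_headers(ext, name))
        except ValueError as err:
            print(f"reject {name}: {err}")
```

The magic-byte check is what defeats the "rename the script to .png" trick and the lying Content-Type; the allow-list is what keeps .html and .svg out even when their bytes are exactly what they claim. Serving with `Content-Disposition: attachment` plus `nosniff` is the second layer: if a file ever does slip through, the browser still has no reason to execute it in the site's origin.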
CNVD, added 2019/07/03 12:00 a.m., 3 views

Linear eMerge 50P/5000P File Upload Vulnerability

The Linear eMerge 50P/5000P is an access control security system managed through a browser from Nortek Security & Control. A file upload vulnerability exists in the Linear eMerge 50P/5000P. An attacker could use this vulnerability to upload a file with an arbitrary extension to a directory in the...

CVSS 10 | AI score 7.2 | EPSS 0.06477
Exploits: 5 | References: 1
Imperva Blog, added 2019/06/27 6:54 p.m., 381 views

Personalized Customer Support that Garners a Personalized Thank You

In my two-plus years as a Technical Support Engineer at Imperva, I’ve handled a wide variety of customer cases. And I’ve had the satisfaction of helping resolve them quickly and successfully. But never before have I received a handwritten thank you note from an effusive customer. Let me start at...

AI score 7.2
Exploits: 0
OSV, added 2019/06/26 7:15 p.m., 3 views

UBUNTU-CVE-2019-10134

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email was not correctly checked, so their quota allowance could be exceeded...

CVSS 4.2 | AI score 5.8 | EPSS 0.01055
Exploits: 0 | References: 4