CVE-2018-7806

Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary uplo...

CVE-2018-19420

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension e.g., the test or test.asdf filename, because of admin/upload-uploadify.php, and validatesafefile in...

CVE-2018-19420

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension e.g., the test or test.asdf filename, because of admin/upload-uploadify.php, and validatesafefile in...

CVE-2018-19421

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/securityfunctions.php...

File Upload Vulnerability in YCCMS v3.3 System

YCCMS is a version of PHP5 + MYSQL as the technical basis for the development of lightweight CMS station-building system. YCCMS v3.3 system has a file upload vulnerability that can be exploited by attackers to upload arbitrary files and gain control of the web server...

CVE-2018-18373

In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sbajaxaddmessage action...

JSN Framework System Plugin, 2.1.5

JSN Framework System Plugin, versions 2.1.5 and previous, unrestricted file uploads without any authorization Resolution: update to 2.1.6 Update notice: https://www.joomlashine.com/forums/jsn-extension-framework-gen-1-plugin-v2-1-6-is-released.html Users are strongly urged to update immediately...

Multiple vulnerabilities in Denbun

Overview Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below. Hard-coded credentials for user account CWE-798 - CVE-2018-0680 Hard-coded credentials for the configuration management page CWE-798 - CVE-2018-0681 Improper session management...

Umbraco Code Execution Vulnerability

Umbraco is a Danish company Umbraco a set of use ASP.Net to build , Mysql for data storage content management system CMS. The system supports customized templates , manage users , define permissions on the content and so on. A code execution vulnerability exists in Umbraco versions prior to 7.2.0...

CVE-2018-14028

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...

CVE-2018-14840

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads but does block, for example, .htm file uploads...

Cross site scripting

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads but does block, for example, .htm file uploads...

CVE-2018-14840

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads but does block, for example, .htm file uploads...

CVE-2018-14840

Subrion CMS 4.2.1 contains a Cross‑Site Scripting (XSS) vulnerability in uploads/.htaccess, where the app does not block .html uploads (while blocking .htm). An attacker can upload a .html file via CKEditor/manager and trigger XSS. Public exploit entries and a related commit reference support thi...

GHSA-3Q5Q-F79Q-7HR2 High severity vulnerability that affects rubyzip

Withdrawn, accidental duplicate publish. The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the...

File Upload Vulnerability in CSCMS

CSCMS is a multi-functional network information management system developed by Chongsheng Network Technology, which uses PHP5+MYSQL as the technical basis for development. Using OOP object-oriented approach to build the basic operating framework. CSCMS v4.1 RELEASE 20170605 version of the file...

CVE-2016-9492

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...

Security Bulletin: Insufficient control over MIME types in Business Process Manager (BPM) and WebSphere Lombardi Edition document feature (CVE-2014-3075)

Summary You cannot restrict file uploads by MIME type in a document list coach view. As a result, potentially malicious files, such as HTML that contains embedded JavaScript can be uploaded and run in the browser. Vulnerability Details CVE ID: CVE-2014-3075 DESCRIPTION: IBM BPM document managemen...

Dell EMC VMAX Virtual Appliance Manager Directory Traversal Remote Code Execution (CVE-2018-1215)

A directory traversal vulnerability exists in Dell EMC VMAX Virtual Appliance vApp. The vulnerability is due to improper handling of user-supplied requests for file uploads. Successful exploitation of this vulnerability could lead to arbitrary code execution...

CVE-2018-10092

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads...