3566 matches found

Cvelist
added 2018/05/15 10:0 p.m., 21 views

CVE-2018-7505

In Advantech WebAccess versions V8.220170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application...

9.7 AI score, 0.00786 EPSS
Exploits 0, References 2
GithubExploit
added 2018/05/13 4:13 p.m., 12 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

CVE-2017-5638 Apache Struts 2.3.5 2.3.31 / 2.5 2.5.1...

10 CVSS, 9.9 AI score, 0.94267 EPSS
Exploits 44
OSV
added 2018/05/09 8:29 p.m., 1 views

CVE-2018-2420

SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file including script files without proper file format validation...

9.8 CVSS, 5.8 AI score, 0.00619 EPSS
Exploits 0, References 3
Prion
added 2018/05/07 1:29 p.m., 16 views

Design/Logic Flaw

DISPUTED Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or...

6.5 CVSS, 8.5 AI score, 0.00337 EPSS
Exploits 1, References 1, Affected Software 1
Packet Storm
added 2018/05/03 12:0 a.m., 60 views

Watchguard Hard-Coded Credentials / Failed Controls

Introduction: Multiple vulnerabilities can be chained together in a number of WatchGuard AP products which result in pre-authenticated remote code execution. The vendor has produced a knowledge-base article [1] and announcement [2] regarding these issues. ZX Security would like to commend t...

8.5 AI score, 0.11206 EPSS
Exploits 6
0day.today
added 2018/05/03 12:0 a.m., 54 views

Watchguard Hard-Coded Credentials / Failed Controls Vulnerability

WatchGuard Access Points running firmware before version 1.2.9.15 suffer from hard-coded credential, hidden authentication, file upload, and incorrect validation vulnerabilities. Introduction: Multiple vulnerabilities can be chained together in a number of WatchGuard AP products which...

0.1 AI score, 0.11206 EPSS
Exploits 6
Tenable Nessus
added 2018/05/02 12:0 a.m., 70 views

EulerOS 2.0 SP2 : php (EulerOS-SA-2018-1097)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing a...

9.8 CVSS, 7.6 AI score, 0.83066 EPSS
Exploits 4, References 4
Tenable Nessus
added 2018/05/02 12:0 a.m., 277 views

EulerOS 2.0 SP1 : php (EulerOS-SA-2018-1096)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing a...

9.8 CVSS, 7.6 AI score, 0.83066 EPSS
Exploits 4, References 4
Tenable Nessus
added 2018/05/01 12:0 a.m., 114 views

Ubuntu 18.04 LTS : Apache HTTP Server vulnerabilities (USN-3627-2)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3627-2 advisory. USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 18.04 LTS. Tenable has extracted the...

9.8 CVSS, 6.5 AI score, 0.93618 EPSS
Exploits 0, References 7
Packet Storm
added 2018/04/19 12:0 a.m., 38 views

Seagate Media Server SRN21C Cross Site Scripting

Seagate Media Server stored Cross-Site Scripting vulnerability. Yorick Koster, September 2017...

Exploits 0
CNVD
added 2018/04/12 12:0 a.m., 2 views

SAP Disclosure Management File Upload Vulnerability

SAP Disclosure Management is an automated financial disclosure management system from SAP. The system provides a collaborative financial disclosure process across teams, geographies, systems and data sources. A security vulnerability exists in SAP Disclosure Management version 10.1, which stems...

9.8 CVSS, 6.8 AI score, 0.00263 EPSS
Exploits 0, References 1
Prion
added 2018/04/01 6:29 p.m., 15 views

Cross site request forgery (csrf)

DISPUTED An issue was discovered on AXIS M1033-W IP camera Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server...

7.6 CVSS, 8.1 AI score, 0.01681 EPSS
Exploits 0, References 1, Affected Software 1
CNVD
added 2018/03/28 12:0 a.m., 2 views

Frog CMS Arbitrary File Upload Vulnerability

Frog CMS is a content management system (CMS) developed by software developer Philippe Archambault. The system provides tools for page templates, user rights management, and document management. A security vulnerability exists in Frog CMS version 0.9.5 due to a lack of extension detection in the...

9.8 CVSS, 7 AI score, 0.08482 EPSS
Exploits 1, References 1
AlpineLinux
added 2018/03/26 3:0 p.m., 75 views

CVE-2017-15715

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the...

8.1 CVSS, 7.6 AI score, 0.93618 EPSS
Exploits 0
CNVD
added 2018/03/15 12:0 a.m., 2 views

Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2018-07306)

Adobe Connect web conferencing software service provides an immersive online meeting experience for collaboration, virtual classrooms and large-scale webinars. A cross-site scripting vulnerability exists in Adobe Connect due to the software's failure to properly restrict SWF file uploads, which...

6.1 CVSS, 6.6 AI score, 0.00612 EPSS
Exploits 0, References 1
OSV
added 2018/02/23 8:43 a.m., 19 views

SUSE-SU-2018:0530-1 Security update for php5

This update for php5 fixes the following issues: - CVE-2016-10712: In PHP all of the return values of stream_get_meta_data could be controlled if the input can be controlled (e.g., during file uploads). (bsc#1080234)...

7.5 CVSS, 8 AI score, 0.0056 EPSS
Exploits 1, References 3
Prion
added 2018/02/18 6:29 a.m., 9 views

Design/Logic Flaw

In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an...

6.5 CVSS, 8.6 AI score, 0.00368 EPSS
Exploits 0, References 2
OSV
added 2018/02/09 6:29 a.m., 43 views

CVE-2016-10712

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is...

7.5 CVSS, 7.8 AI score
Exploits 0, References 4
NVD
added 2018/02/09 6:29 a.m., 33 views

CVE-2016-10712

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is...

7.5 CVSS, 8.6 AI score, 0.0056 EPSS
Exploits 1, References 4
Cvelist
added 2018/02/09 6:0 a.m., 32 views

CVE-2016-10712

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is...

8.5 AI score, 0.0056 EPSS
Exploits 1, References 4