EMC VMAX VASA Provider Virtual Appliance File Upload RCE
The EMC VMAX VASA Provider Virtual Appliance running on the remote host is affected by a remote code execution vulnerability in the UploadConfigurator servlet due to a failure to restrict file uploads to arbitrary directories. An unauthenticated, remote attacker can exploit this issue to upload...
Authorization Bypass
Drupal is vulnerable to authorization bypass. Through the File module, attackers are able to view, delete, or substitute links to a file uploaded to a form that has yet to be processed. If this attack is done continuously, file uploads to the application may be blocked by deleting files before th...
Sanitization Bypass
Moodle is vulnerable to sanitization bypass. The library does not filter file names of submissions when multiple files are uploaded. This can allow a malicious user to bypass the sanitization checks...
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leadi...
CVE-2017-9840
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application...
File upload vulnerability in finecms latest version v5.0.8
FineCMS is a content management system based on PHP and MySQL. A file upload vulnerability exists in the swfupload function in Api.php in FineCMS version 5.0.8, which can be exploited by remote attackers to upload arbitrary files...
File Upload Vulnerability in FinecmsV5.0.8
FineCMS is a content management system based on PHP and MySQL. A file upload vulnerability exists in FineCMS V5.0.8 in the file finecms\dayrui\controllers\Api.php. An attacker can exploit the vulnerability to upload arbitrary files...
DEBIAN-CVE-2017-9061
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename...
UBUNTU-CVE-2017-9061
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename...
PT-2017-16779
Name of the Vulnerable Software and Affected Versions: rubyzip gem versions prior to 1.2.1. Description: The Zip::File component in the rubyzip gem has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses ../ pathname...
CVE-2016-0214
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file...
CVE-2016-8938
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications...
The vulnerability of the CODESYS Runtime Toolkit execution environment allows a perpetrator to execute arbitrary commands and load arbitrary files.
The vulnerability in the CODESYS Runtime Toolkit lies in the absence of any authentication requirement in the default configuration. Exploiting this vulnerability allows a malicious actor to execute commands through the command line interface and upload arbitrary files...
File Upload Vulnerability in Jtbccms V1.0
Jtbccms is a website system that can extend and clone existing modules. A file upload vulnerability exists in version 1.0 of jtbccms. Because the back-end file management function does not verify uploaded files, arbitrary files can be uploaded and serious server privileges can be obtain...
CVE-2016-9836
The file scanning mechanism of JFilterInput::isFileSafe in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the .php6, .php7, .phtml, and .phpt extensions. Additionally,...
Security update for Mozilla Firefox (important)
Mozilla Firefox was updated to 49.0.2 to fix two security issues and some bugs. The following vulnerabilities were fixed: CVE-2016-5287: Crash in nsTArray_base (bsc#1006475); CVE-2016-5288: Web content can read cache entries (bsc#1006476). The following changes and fixes are included: Asynchronous renderi...
Webform - Less Critical - Access Bypass - SA-CONTRIB-2016-053
This module provides a user interface to create and configure forms called Webforms. When using forms with private file uploads, Webform wasn't explicitly denying access to files it managed which could allow access to be granted by other modules. The vulnerability is mitigated by the fact that...
File Upload Vulnerability in FCKeditor in the Zhengfang Software Co. Teaching Management System
The Zhengfang Academic Affairs System is a multi-module integrated information management system for all departments of the college as well as users at all levels, including academic affairs public information maintenance, student management, faculty management, etc. The system is designed to be...