Design/Logic Flaw
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads...
CVE-2015-8003
MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 are affected by CVE-2015-8003 due to lack of throttling for file uploads, allowing remote authenticated users to impact via multiple uploads. This is corroborated by NVD and OpenVAS/Nessus references showing the same C...
Updated roundcubemail packages fix security vulnerability
The roundcubemail package has been updated to version 1.0.7, which fixes an XSS issue in drag-and-drop file uploads and other bugs. See the upstream release announcement for more details...
openSUSE Security Update : roundcubemail (openSUSE-2015-699)
roundcubemail was updated to version 1.0.7 to fix two security issues. These security issues were fixed : - XSS issue in drag-n-drop file uploads - Disallow unwanted access on files in the file system. The apache2 configuration file for roundcubemail allowed access to the roundcubemail/bin folder...
Red Hat Enterprise Application Platform Cross-Site Request Forgery Vulnerability
Red Hat Enterprise Application Platform is an open source, J2EE-based middleware platform from Red Hat, Inc. (United States), used mainly to build, deploy, and host Java applications and services. A cross-site request forgery vulnerability exists in Red Hat Enterprise...
PT-2015-2597 · Red Hat · Red Hat Jboss Enterprise Application Platform +1
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Application Platform versions prior to 6.4.4 WildFly versions prior to 2.0.0.CR9 Description: A cross-site request forgery CSRF issue in the Web Console allows remote attackers to hijack the authentication of administrators...
FreeBSD : mediawiki -- multiple vulnerabilities (b973a763-7936-11e5-a2a1-002590263bf5)
MediaWiki reports: Wikipedia user RobinHood70 reported two issues in the chunked upload API. The API failed to correctly stop adding new chunks to the upload when the reported size was exceeded (T91203), allowing a malicious user to add an infinite number of chunks for a single file upload...
X2Engine X2CRM Input Validation Vulnerability
X2Engine X2CRM is an open source customer relationship management (CRM) program from the US company X2Engine. An incomplete blacklist vulnerability exists in the FileUploadsFilter class in the protected/components/filters/FileUploadsFilter.php script in X2Engine X2CRM versions prior to...
CVE-2015-5074
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension...
Wanhu ezOFFICE smartUpload.jsp arbitrary file upload vulnerability
No description provided by source...
UBUNTU-CVE-2015-6658
Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files...
Cross site scripting
Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files...
CVE-2015-6660
The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."...
HTTPie - a CLI, cURL-like tool for humans
HTTPie (pronounced aych-tee-tee-pie) is a command line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. It provides a simple http command that allows for sending arbitrary HTTP requests using a simple and natural syntax, and displays colorized output...
Oracle Endeca Information Discovery Integrator ETL Server UploadFileContent Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists within the handling of file uploads using...
Multiple Vulnerabilities in the D-Link DSP-W
The D-Link DSP-W110 is a power outlet whose switch is controlled wirelessly. The D-Link DSP-W has multiple security vulnerabilities that could be exploited by attackers to bypass security restrictions, obtain sensitive information, and upload arbitrary files...
CVE-2015-0739
The Lights-Out Management LOM implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller BMC file uploads via unspecified vectors, aka Bug ID CSCus87938...