PHP Security Advisory - File Uploads

Problem ======== PHP supports RFC 1867 based file uploads. PHP saves uploaded files in a temporary directory on the server, using a temporary name. This temporary name is exposed to the PHP script as $FOO, where "FOO" is the name of the file input tag in the submitted form. Many PHP scripts proce...

Microsoft IIS repost.asp File Upload

The script '/scripts/repost.asp' is installed on the remote IIS web server and allows an attacker to upload arbitrary files to the '/Users' directory if it has not been configured properly. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Script audit and contributions from Carmichael Securit...

WFTP Unpassworded Guest Account

The remote FTP server accepts any user/password combination. This can allow remote attackers to access the FTP account, which can lead to information disclosure and uploads of arbitrary files on the remote host. C Tenable Network Security, Inc. include 'compat.inc' ; if description scriptid10305;...

Unrestricted file uploads

More info at https://contao.org/en/security-advisories/unrestricted-file-uploads.html...

Unrestricted file uploads

More info at https://contao.org/en/security-advisories/unrestricted-file-uploads.html...