OSV, added 2021/09/15 7:15 p.m.

CVE-2021-33698

SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files including script files without the proper file format validation...

CVSS 8.8, AI score 7.3
Exploits: 0, References: 2
Cvelist, added 2021/09/15 6:01 p.m.

CVE-2021-33698

SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files including script files without the proper file format validation...

CVSS 9.9, AI score 8.9, EPSS 0.01064
Exploits: 0, References: 2
OSV, added 2021/09/15 3:30 p.m.

DRUPAL-CONTRIB-2021-029

This advisory addresses a similar issue to Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008. The GraphQL module allows file uploads through its HTTP API. The module does not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be ab...

CVSS 9.8, AI score 7, EPSS 0.01217
Exploits: 0, References: 1
OSV, added 2021/09/15 3:22 p.m.

DRUPAL-CORE-2021-008

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the...

CVSS 9.8, AI score 7, EPSS 0.01217
Exploits: 0, References: 1
Zero Day Initiative, added 2021/09/15 12:00 a.m.

Autodesk FBX Review ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVSS 7.8, AI score 4.2, EPSS 0.5964
Exploits: 0, References: 1
Drupal, added 2021/09/15 12:00 a.m.

GraphQL - Moderately critical - Access bypass - SA-CONTRIB-2021-029

This advisory addresses a similar issue to Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008. The GraphQL module allows file uploads through its HTTP API. The module does not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be ab...

CVSS 9.8, AI score 9.2, EPSS 0.01217
Exploits: 0, References: 13
Drupal, added 2021/09/15 12:00 a.m.

Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the...

CVSS 9.8, AI score 1, EPSS 0.01217
Exploits: 0, References: 12
OSV, added 2021/09/09 1:22 p.m.

SUSE-SU-2021:3007-1 Security update for java-1_7_0-openjdk

This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.27 - OpenJDK 7u311 July 2021 CPU Security fixes: - CVE-2021-2341: Improve file transfers (bsc#1188564) - CVE-2021-2369: Better jar file validation (bsc#1188565) - CVE-2021-2432: Provide better LDAP provider support (bsc#1188568) ...

CVSS 5.9, AI score 6.6, EPSS 0.60631
Exploits: 2, References: 12
UbuntuCve, added 2021/08/27 3:15 p.m.

CVE-2021-40153

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...

CVSS 8.1, AI score 6.8, EPSS 0.025
Exploits: 1, References: 7
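The Autodesk FBX Review ZIP entry and the Squashfs-Tools entry above share one root cause: a member name read from the archive is joined to the destination directory and written without a containment check. The Python below is an added example written for this page, not code from either project or from any advisory listed here. It shows the check an extractor needs (reject absolute names, drive prefixes, NUL bytes and `..`, then re-check the resolved path so a symlink planted by an earlier member cannot redirect a later one) and runs it over a constructed in-memory ZIP whose member names and contents are made up for the example.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path


class TraversalError(ValueError):
    """An archive member name that would resolve outside the destination."""


def safe_member_path(dest: Path, member_name: str) -> Path:
    """Map an archive member name onto a path strictly inside ``dest``.

    Rejects NUL bytes, absolute names, Windows drive prefixes and any ``..``
    component, then resolves the target through symlinks already present
    under ``dest`` and re-checks containment on the resolved path, so the
    decision is never made by plain string-prefix comparison.
    """
    if "\x00" in member_name:
        raise TraversalError(f"NUL byte in member name {member_name!r}")
    name = member_name.replace("\\", "/")  # treat backslash as a separator too
    if name.startswith("/") or re.match(r"^[A-Za-z]:", name):
        raise TraversalError(f"absolute member name {member_name!r}")
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts:
        raise TraversalError(f"empty member name {member_name!r}")
    if ".." in parts:
        raise TraversalError(f"parent-directory component in {member_name!r}")
    root = dest.resolve()
    target = root.joinpath(*parts)
    resolved = target.resolve()  # follows a symlink an earlier member may have planted
    if resolved != root and root not in resolved.parents:
        raise TraversalError(f"{member_name!r} resolves to {resolved}, outside {root}")
    return target


def extract_zip_safely(data: bytes, dest: Path) -> tuple[list[str], list[str]]:
    """Extract a ZIP held in ``data`` under ``dest``; return (written, rejected) names.

    Writes through ``zf.open`` rather than ``ZipFile.extract`` so that the
    containment check above is the only thing deciding where bytes land.
    """
    written: list[str] = []
    rejected: list[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            try:
                target = safe_member_path(dest, info.filename)
            except TraversalError:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                with zf.open(info) as src:
                    target.write_bytes(src.read())
            written.append(info.filename)
    return written, rejected


def build_sample_zip() -> bytes:
    """Constructed sample archive: one benign member and three escape attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/scene.fbx", b"Kaydara FBX Binary  \x00")
        zf.writestr("../../../../tmp/pwned.txt", b"owned")        # classic zip-slip
        zf.writestr("/etc/cron.d/evil", b"* * * * * root id\n")    # absolute path
        zf.writestr("model/./..\\..\\escape.txt", b"x")            # backslash separators
    return buf.getvalue()


def run_demo() -> dict:
    """Extract the sample into a scratch directory and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "out"
        dest.mkdir()
        written, rejected = extract_zip_safely(build_sample_zip(), dest)
        on_disk = sorted(p.relative_to(dest).as_posix()
                         for p in dest.rglob("*") if p.is_file())
        # Simulate a symlink planted by an earlier member that points above dest:
        # a later name routed through it must still be refused.
        (dest / "link").symlink_to(Path(tmp))
        try:
            safe_member_path(dest, "link/escape.txt")
            symlink_caught = False
        except TraversalError:
            symlink_caught = True
    return {"written": written, "rejected": rejected,
            "on_disk": on_disk, "symlink_caught": symlink_caught}


if __name__ == "__main__":
    print(run_demo())
```

The same `safe_member_path` check applies to tar, squashfs or any other container format; for tar specifically, Python 3.12 and later also offer `tarfile.extractall(filter="data")`, which refuses absolute and parent-escaping names and link targets outside the destination.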
ALT Linux, added 2021/08/25 12:00 a.m.

Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.12.7-alt1_0jpp10

Aug. 25, 2021 Andrey Cherepanov 0:11.0.12.7-alt1_0jpp10 - new version - security fixes: + CVE-2021-2341: Improve file transfers + CVE-2021-2369: Better jar file validation + CVE-2021-2388: Enhance compiler validation + CVE-2021-2161: Less ambiguous processing + CVE-2021-2163: Enhance opening JARs ...

CVSS 6.8, AI score 7.6, EPSS 0.37618
Exploits: 4
OPENSUSE Linux, added 2021/08/21 12:00 a.m.

Security update for java-1_8_0-openjdk (important)

openSUSE Security Update: Security update for java-1_8_0-openjdk Announcement ID: openSUSE-SU-2021:1176-1 Rating: important References: 1185056 1188564 1188565 1188566 Cross-References: CVE-2021-2161 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVSS scores: CVE-2021-2161 NVD : 5.9...

CVSS 7.5, AI score 7, EPSS 0.04238
Exploits: 0, References: 4
OPENSUSE Linux, added 2021/08/20 12:00 a.m.

Security update for java-1_8_0-openjdk (important)

openSUSE Security Update: Security update for java-1_8_0-openjdk Announcement ID: openSUSE-SU-2021:2798-1 Rating: important References: 1185056 1188564 1188565 1188566 Cross-References: CVE-2021-2161 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVSS scores: CVE-2021-2161 NVD : 5.9...

CVSS 7.5, AI score 7, EPSS 0.04238
Exploits: 0, References: 4
CNVD, added 2021/08/04 12:00 a.m.

Nexus Control Panel Code Issue Vulnerability

Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare. A code download without integrity check vulnerability exists in Nexus Control Panel versions prior to 7.2.5.7. The vulnerability stems from no file validation during the upload of an update. No details of the...

CVSS 9.8, AI score 9.5, EPSS 0.08227
Exploits: 0, References: 1
CNNVD, added 2021/08/02 12:00 a.m.

Swisslog Healthcare Nexus Panel data forgery vulnerability

Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare. A code download without integrity check vulnerability exists in Nexus Control Panel versions prior to 7.2.5.7. The vulnerability stems from no file validation during the upload of an update. No details of the...

CVSS 9.8, AI score 5.7, EPSS 0.08227
Exploits: 0, References: 7
NVD, added 2021/07/21 3:16 p.m.

CVE-2021-34619

The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file...

CVSS 8.8, EPSS 0.00719
Exploits: 2, References: 2
OSV, added 2021/07/21 3:16 p.m.

CVE-2021-34619

The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file...

CVSS 8.8, AI score 5.8, EPSS 0.00719
Exploits: 2, References: 2
CVE, added 2021/07/13 11:03 a.m.

CVE-2021-34306

CVE-2021-34306 affects Siemens JT2Go (all versions < 13.2) and Teamcenter Visualization (all versions

CVSS 7.8, AI score 7.7, EPSS 0.01802
Exploits: 0, References: 2, Affected Software: 2
WPVulnDB, added 2021/07/05 12:00 a.m.

Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE

The plugin did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE. PoC | Authenticated RCE | Caching Exclude URLs / Cached query strings: POST /wp-admin/admin.php?page=sbp-settings HTTP/2 Host: example.com...

CVSS 6.5, AI score 0.3, EPSS 0.01721
Exploits: 2, References: 1, Affected Software: 1
WPVulnDB, added 2021/07/02 12:00 a.m.

Workreap < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

The theme's AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were...

CVSS 7.5, AI score 0.3, EPSS 0.60377
Exploits: 9, References: 1, Affected Software: 1
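The SAP Business One, Drupal SA-CORE-2021-008 / SA-CONTRIB-2021-029, WooCommerce Stock Manager and Workreap entries are all upload handlers that skip one or more of three gates: who is calling (session), whether the call was intended (nonce), and what was actually received (content validation, not the client's filename or Content-Type). The Python below is an added example for this page, not code from any of those projects; the allowlist, the `SECRET` key, the fixed clock and every request in `run_demo` are constructed assumptions. It applies the three gates in order and shows what each of the listed failure modes looks like when it is refused.

```python
import hashlib
import hmac
import posixpath
import secrets

# Assumed policy for this example: declared extension -> magic-byte prefixes
# that the received bytes must start with. Tighten or extend to your needs.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
# Refused wherever they appear in the name, so shell.php.png is caught on
# servers that honour more than the last extension.
EXECUTABLE = {"php", "phtml", "php3", "php5", "php7", "phar", "jsp", "asp", "aspx", "cgi", "sh"}

SECRET = b"constructed-example-secret, not for real use"  # assumed server-side key
NOW = 1_700_000_000  # fixed clock so the constructed cases are reproducible


class UploadRejected(ValueError):
    pass


def validate_upload(filename: str, data: bytes) -> str:
    """Return a server-chosen safe name for the file, or raise UploadRejected.

    Decides on (1) the bare name with any path stripped, (2) every extension
    in that name, and (3) the bytes actually received; the client-supplied
    Content-Type is never consulted.
    """
    if "\x00" in filename:
        raise UploadRejected("NUL byte in filename")
    base = posixpath.basename(filename.replace("\\", "/"))
    if not base or base.startswith("."):
        raise UploadRejected("empty or dot-file name")
    parts = base.lower().split(".")
    if len(parts) < 2:
        raise UploadRejected("no extension")
    exts = parts[1:]
    if any(e in EXECUTABLE for e in exts):
        raise UploadRejected(f"executable extension in {base!r}")
    ext = exts[-1]
    if ext not in ALLOWED:
        raise UploadRejected(f".{ext} is not an allowed type")
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected(f"content does not match .{ext}")
    # Never reuse the client name on disk: random name plus the vetted extension.
    return f"{secrets.token_hex(16)}.{ext}"


def make_nonce(user_id: int, action: str, now: int) -> str:
    """Per-user, per-action, time-bound CSRF token: timestamp plus HMAC."""
    msg = f"{user_id}:{action}:{now}".encode()
    return f"{now}:{hmac.new(SECRET, msg, hashlib.sha256).hexdigest()}"


def verify_nonce(user_id: int, action: str, token: str, now: int, max_age: int = 3600) -> bool:
    """Constant-time check; tokens for another user, another action or an old window fail."""
    ts_str, _, mac = token.partition(":")
    if not ts_str.isdigit():
        return False
    ts = int(ts_str)
    if not 0 <= now - ts <= max_age:
        return False
    return hmac.compare_digest(mac, make_nonce(user_id, action, ts).partition(":")[2])


def handle_upload(session_user_id, nonce: str, filename: str, data: bytes, now: int):
    """Gate order for an upload endpoint: session, then nonce, then content.
    Returns ("accepted", stored_name) or ("rejected", reason)."""
    if session_user_id is None:
        return "rejected", "not authenticated"
    if not verify_nonce(session_user_id, "upload", nonce, now):
        return "rejected", "bad or missing nonce"
    try:
        return "accepted", validate_upload(filename, data)
    except UploadRejected as exc:
        return "rejected", str(exc)


def run_demo() -> dict:
    """Constructed requests covering the failure modes in the entries above."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    good = make_nonce(7, "upload", NOW)
    cases = {
        "benign png":           (7, good, "avatar.png", png),
        "no session, no nonce": (None, "", "avatar.png", png),
        "other user's nonce":   (9, good, "avatar.png", png),
        "stale nonce":          (7, make_nonce(7, "upload", NOW - 7200), "avatar.png", png),
        "php disguised as png": (7, good, "shell.png", b"<?php system($_GET['c']); ?>"),
        "double extension":     (7, good, "shell.php.png", png),
        "traversal in name":    (7, good, "../../../x.png", png),
        "svg not allowlisted":  (7, good, "logo.svg", b"<svg onload=alert(1)>"),
    }
    return {label: handle_upload(*args, now=NOW) for label, args in cases.items()}


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(f"{label:24s} -> {outcome}")
```

The order matters: an unauthenticated request is refused before the nonce is even looked at, and a valid nonce for user 7 does nothing for user 9. The magic-byte check is a floor, not a full parser; a real deployment still stores uploads outside the web root or with execution disabled, because a valid PNG can also carry a PHP payload in its metadata.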
Prion, added 2021/06/24 6:15 p.m.

Memory corruption

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer versions 2.1.9.95 and prior...

CVSS 6.8, AI score 7.9, EPSS 0.0095
Exploits: 0, References: 1, Affected Software: 1