Woocommerce Stock Manager < 2.6.0 - CSRF to Arbitrary File Upload

The plugin is vulnerable to CSRF leading to Arbitrary File Upload due to missing nonce and file validation in the /admin/views/import-export.php file. PoC File will upload to: /wp-content/plugins/woocommerce-stock-manager/admin/views/upload/PoC.php...

Siemens Simcenter Femap

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed and may allow arbitrary remote code execution...

Adobe InCopy DOCX File Parsing Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DOC...

Foxit Reader U3D File Parsing Out-of-Bounds Read Information Disclosure Vulnerability (CNVD-2021-36473)

Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. A security vulnerability exists in the parsing of U3D files in Foxit Reader. The vulnerability stems from the lack of proper validation of user-supplied data. The vulnerability can be exploited to obtain sensitive information ...

Cross site request forgery (csrf)

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE...

Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby

Impact An editor with write access to the Kirby Panel can upload an SVG or XML file that contains harmful content like tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby, the script wi...

CVE-2021-22205

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution...

Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE

The plugin suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE. Note WPScanTeam: CSRF check and some file validation were added in v5.11, however a blacklist...

CVE-2021-27274

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results fr...

PT-2021-3982 · WordPress · Woocommerce Stock Manager

Name of the Vulnerable Software and Affected Versions: WooCommerce Stock Manager versions up to, and including, 2.5.7 Description: The issue is related to the implementation of the import/export functionality in the WooCommerce Stock Manager plugin for WordPress, specifically in the...

CVE-2021-20671

Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution...

CVE-2021-20671

Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution...

CVE-2021-20671

Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution...

CVE-2021-20671

The CVE-2021-20671 issue affects WESEEK GROWI up to version v4.2.2 and is caused by invalid file validation on the upload feature . This flaw allows a remote attacker with administrative privileges to overwrite files on the server, potentially leading to arbitrary code execution . Connected sourc...

CVE-2021-22663

Cscape All versions prior to 9.90 SP3.5 lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process...

Foxit Studio Photo 缓冲区错误漏洞

Foxit Studio Photo is a set of image editing software from the Chinese company Foxit Foxit. An information disclosure vulnerability exists in the handling of SR2 files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied...

Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE

The plugin did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request. The issue could also be exploited via a CRSF attack, as such check was also missing. PoC...

WordPress SuperForms 4.9 Shell Upload

Exploit Title: WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution Exploit Author: ABDO10 Date : Jan - 28 - 2021 Google Dork : inurl:"/wp-content/plugins/super-forms/" Vendor Homepage : https://renstillmann.github.io/super-forms// Version : All = 4.9.X data in http...

Remote code execution

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...

CVE-2019-18643

Rock RMS is affected by CVE-2019-18643 in versions before 8.10 and 9.0–9.3 where uploaded files are validated only via a blacklist of extensions. Attackers can bypass this by adding multiple spaces and periods after the filename, enabling upload of ASPX code and potential remote code execution, w...