1043 matches found

Tenable Nessus · added 2024/05/23 12:00 a.m. · 30 views

Apache Tomcat 9.0.0.M1 < 9.0.0.M8

The version of Tomcat installed on the remote host is prior to 9.0.0.M8. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.0.m8_security-9 advisory. - The MultipartStream class in Apache Commons FileUpload before 1.3.2, as used in Apache Tomcat 7.x before...

CVSS 7.8 · AI score 7.4 · EPSS 0.40246 · Exploits 0 · References 3
Tenable Nessus · added 2024/04/18 12:00 a.m. · 44 views

Amazon Linux 2 : tomcat (ALAS-2024-2517)

The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2517 advisory. Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed, resulting in the...

CVSS 7.5 · AI score 7.6 · EPSS 0.339 · Exploits 1 · References 6
Amazon · added 2024/04/18 12:00 a.m. · 4 views

Important: tomcat

Issue Overview: Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...

CVSS 7.5 · AI score 7 · EPSS 0.339 · Exploits 1
CNNVD · added 2024/04/15 12:00 a.m. · 1 view

Vesystem Cloud Desktop Code Issue Vulnerability

Vesystem Cloud Desktop is a cloud desktop system from China's Hexin Chuangtian Vesystem. A code issue vulnerability exists in Vesystem Cloud Desktop 20240408 and prior versions, which stems from the file parameter of /Public/webuploader/0.1.5/server/fileupload.php and can lead to...

CVSS 6.5 · AI score 6.6 · EPSS 0.00164 · Exploits 0 · References 5
Positive Technologies · added 2024/04/15 12:00 a.m. · 4 views

PT-2024-27878 · Vesystem · Vesystem Cloud Desktop

Name of the Vulnerable Software and Affected Versions: Vesystem Cloud Desktop versions up to 20240408. Description: A critical vulnerability was found in Vesystem Cloud Desktop, affecting the file /Public/webuploader/0.1.5/server/fileupload.php. The manipulation of the file argument leads to...

CVSS 6.5 · AI score 6.4 · EPSS 0.00164 · Exploits 0 · References 7
IBM Security Bulletins · added 2024/03/15 5:40 p.m. · 35 views

Security Bulletin: IBM Transformation Extender Advanced is vulnerable to multiple issues due to IBM WebSphere Application Server Liberty.

Summary: IBM Transformation Extender Advanced, previously known as IBM Standards Processing Engine, uses IBM WebSphere Application Server Liberty. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons...

CVSS 7.5 · AI score 8 · EPSS 0.94395 · Exploits 20 · Affected software 1
IBM Security Bulletins · added 2024/03/12 5:28 p.m. · 20 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary: IBM Sterling Partner Engagement Manager uses Apache Commons FileUpload. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by no...

CVSS 7.5 · AI score 7.6 · EPSS 0.339 · Exploits 1 · Affected software 1
IBM Security Bulletins · added 2024/03/12 9:19 a.m. · 26 views

Security Bulletin: Vulnerability in commons-fileupload affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-24998]

Summary: The commons-fileupload package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE, CVE-2023-24998. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service...

CVSS 7.5 · AI score 7.5 · EPSS 0.339 · Exploits 1 · Affected software 1
OSV · added 2024/03/06 11:12 a.m. · 23 views

BIT-WORDPRESS-MULTISITE-2020-11026 Specially crafted filenames in WordPress leading to XSS

In affected versions of WordPress, files with a specially crafted name, when uploaded to the Media section, can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previousl...

CVSS 8.7 · AI score 6.5 · EPSS 0.0441 · Exploits 0 · References 5
OSV · added 2024/03/06 10:56 a.m. · 34 views

BIT-JENKINS-2023-27900

Jenkins LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying the limit on the number of request parts that version 1.5 introduced for CVE-2023-24998, in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service...

CVSS 7.5 · AI score 7 · EPSS 0.01158 · Exploits 1 · References 2
OSV · added 2024/03/06 10:56 a.m. · 32 views

BIT-JENKINS-2023-27901

Jenkins LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying the limit on the number of request parts that version 1.5 introduced for CVE-2023-24998, in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...

CVSS 7.5 · AI score 7 · EPSS 0.00622 · Exploits 1 · References 2
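The part-count limit that the ALAS-2024-2517 entry and the two BIT-JENKINS-2023-2790x entries above describe, as an added example that is not code from Commons FileUpload, Tomcat or Jenkins: a small Python multipart/form-data part counter with the same kind of cap (Commons FileUpload 1.5 exposes it on the Java side as FileUploadBase.setFileCountMax, disabled unless the application sets it). The boundary and request bodies are constructed for the demonstration; max_parts=None reproduces the unlimited, pre-1.5 behaviour, and the capped parser stops walking the body as soon as the cap is passed, so the cost of rejecting a flood is bounded by the cap rather than by the request size.

```python
# Added example (not code from Commons FileUpload, Tomcat or Jenkins): count the
# parts of a multipart/form-data body and refuse the request once a cap is
# exceeded, the way the limit added in Commons FileUpload 1.5 does.
from typing import Optional

BOUNDARY = b"----demo-boundary"  # constructed for the example, not a real capture


class TooManyParts(Exception):
    """Raised the moment the number of parts exceeds the configured maximum."""


def build_multipart(num_parts: int, boundary: bytes = BOUNDARY) -> bytes:
    """Construct a body with num_parts tiny file parts. Each part costs the
    attacker about 100 bytes; each one costs the server a parsed header set,
    a file-item object and, above the memory threshold, a temporary file."""
    chunks = []
    for i in range(num_parts):
        chunks.append(b"--" + boundary + b"\r\n")
        chunks.append(
            b'Content-Disposition: form-data; name="f%d"; filename="f%d.txt"\r\n' % (i, i)
        )
        chunks.append(b"Content-Type: text/plain\r\n\r\n")
        chunks.append(b"x\r\n")
    chunks.append(b"--" + boundary + b"--\r\n")
    return b"".join(chunks)


def count_parts(body: bytes, boundary: bytes, max_parts: Optional[int]) -> int:
    """Walk the body delimiter by delimiter and stop as soon as the cap is
    passed, so the work done on a hostile request is bounded by max_parts
    rather than by the body size. max_parts=None means no limit, which is
    the pre-1.5 (vulnerable) behaviour."""
    delimiter = b"--" + boundary
    pos = 0
    count = 0
    while True:
        idx = body.find(delimiter, pos)
        if idx == -1:
            raise ValueError("malformed multipart body: no closing delimiter")
        after = idx + len(delimiter)
        if body[after:after + 2] == b"--":  # "--boundary--" closes the body
            return count
        count += 1
        if max_parts is not None and count > max_parts:
            raise TooManyParts(f"request has more than {max_parts} parts")
        pos = after


def accepts(body: bytes, max_parts: Optional[int], boundary: bytes = BOUNDARY) -> bool:
    """True if the body passes the part-count check, False if it is rejected."""
    try:
        count_parts(body, boundary, max_parts)
        return True
    except TooManyParts:
        return False


if __name__ == "__main__":
    flood = build_multipart(10_000)
    print("unlimited parser parsed", count_parts(flood, BOUNDARY, None), "parts")
    print("capped parser accepts the flood:", accepts(flood, 10))
    print("capped parser accepts a normal 3-part form:", accepts(build_multipart(3), 10))
```

The cap has to be applied while streaming, before any per-part allocation, which is why the check sits inside the loop rather than after a full parse; a limit that is only checked once every part has been materialised still lets the attacker pay for the allocations.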
IBM Security Bulletins · added 2024/02/28 2:32 p.m. · 40 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty impact IBM Common Licensing

Summary: Multiple vulnerabilities in IBM WebSphere Liberty impact IBM License Key Server Administration and Reporting Tool and IBM LKS Administration Agent. Vulnerability Details: CVEID: CVE-2022-34165. DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application...

CVSS 9.8 · AI score 8.2 · EPSS 0.94395 · Exploits 25 · Affected software 1
OSV · added 2024/02/27 9:47 p.m. · 24 views

GHSA-GP6M-FQ6H-CJCX Magento LTS vulnerable to stored XSS in admin file form

Summary: OpenMage is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details: Mage_Adminhtml_Block_System_Config_Form_Field_File does not escape the filename value in certain situations. Same...

CVSS 5.4 · AI score 5.4 · EPSS 0.00936 · Exploits 0 · References 3
GitHub Security Blog · added 2024/02/27 9:47 p.m. · 62 views

Magento LTS vulnerable to stored XSS in admin file form

Summary: OpenMage is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details: Mage_Adminhtml_Block_System_Config_Form_Field_File does not escape the filename value in certain situations. Same...

CVSS 5.4 · AI score 5.4 · EPSS 0.00936 · Exploits 0 · References 3 · Affected software 1
IBM Security Bulletins · added 2024/02/16 8:12 a.m. · 35 views

Security Bulletin: A vulnerability in Apache Commons FileUpload affects IBM Tivoli Application Dependency Discovery Manager.

Summary: A vulnerability in Apache Commons FileUpload affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-24998). Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of...

CVSS 7.5 · AI score 7.6 · EPSS 0.339 · Exploits 1 · Affected software 1
IBM Security Bulletins · added 2024/02/16 8:07 a.m. · 25 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache Commons FileUpload

Summary: This security bulletin addresses the vulnerability in IBM WebSphere Application Server Liberty that makes it susceptible to a denial of service due to Apache Commons FileUpload (CVE-2023-24998). Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are...

CVSS 7.5 · AI score 7.7 · EPSS 0.339 · Exploits 1 · Affected software 1
CVE · added 2024/01/25 11:37 a.m. · 46 views

CVE-2023-6282

IceHrm 23.0.0.OS contains an XSS vulnerability in /icehrm/app/fileupload_page.php caused by insufficient encoding of user-controlled input across multiple parameters. An attacker could deliver a crafted JavaScript payload to partially hijack a victim's browser. Exploitation details are not provid...

CVSS 6.1 · AI score 5.9 · EPSS 0.00076 · Exploits 0 · References 1 · Affected software 1
RedHat Linux · added 2024/01/25 10:59 a.m. · 49 views

Moderate: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 6.1 · AI score 6.8 · EPSS 0.62079 · Exploits 2 · References 5
OSV · added 2024/01/25 12:00 a.m. · 37 views

ALSA-2024:0474 Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080); tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794); tomcat: improper...

CVSS 6.1 · AI score 6.7 · EPSS 0.62079 · Exploits 2 · References 10
CNNVD · added 2024/01/25 12:00 a.m. · 2 views

IceHrm Cross-Site Scripting Vulnerability

IceHrm is a human resource management (HRM) system. The system includes features such as employee management, vacation management, and payroll management. A cross-site scripting vulnerability exists in IceHrm version 23.0.0.OS, which stems from insufficiently encoded user-controlled input that can le...

CVSS 6.1 · AI score 6.2 · EPSS 0.00076 · Exploits 0 · References 2
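The upload-filename XSS pattern shared by the WordPress (BIT-WORDPRESS-MULTISITE-2020-11026), Magento LTS (GHSA-GP6M-FQ6H-CJCX) and IceHrm (CVE-2023-6282) entries above, as an added example that is not code from any of those projects: a renderer that echoes the filename unescaped, the same renderer with attribute-context escaping, and a conservative rule for the name actually stored on disk so a crafted name cannot come back as HTML or script when the file is accessed. The attacker filename and the extension allow list are constructed assumptions for the example.

```python
# Added example (not code from WordPress, OpenMage/Magento LTS or IceHrm): the
# upload-filename XSS pattern from those entries, as a vulnerable renderer next
# to a hardened one, plus a conservative rule for the name stored on disk.
import html
import re

# Constructed attacker filename: closes the value attribute and injects a tag.
EVIL_NAME = '"><img src=x onerror=alert(1)>.png'

# Assumption for the example: the site only serves these upload types.
ALLOWED_EXT = {"png", "jpg", "jpeg", "gif", "pdf", "txt"}
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")


def render_vulnerable(filename: str) -> str:
    """Echo the filename straight into an admin form field without escaping,
    which is the bug class behind the unescaped Magento filename field."""
    return f'<input type="text" name="file" value="{filename}">'


def render_escaped(filename: str) -> str:
    """Escape for the HTML attribute context. quote=True also converts " and '
    so the attacker cannot terminate the attribute early."""
    return f'<input type="text" name="file" value="{html.escape(filename, quote=True)}">'


def safe_stored_name(filename: str) -> str:
    """Name to store on disk: drop any directory part (either separator),
    replace everything outside [A-Za-z0-9._-] with '_', keep exactly one
    extension from the allow list so the stored file can never be served as
    HTML or a script, and lower-case that extension."""
    base = re.split(r"[\\/]", filename)[-1]
    base = _UNSAFE.sub("_", base).strip("._")
    if "." not in base:
        raise ValueError("filename has no extension")
    stem, ext = base.rsplit(".", 1)
    ext = ext.lower()
    if not stem or ext not in ALLOWED_EXT:
        raise ValueError(f"rejected upload name {filename!r}")
    # Collapse any remaining dots in the stem so "x.php.png" cannot be picked
    # up by a server that maps handlers on every extension in the name.
    return f"{stem.replace('.', '_')}.{ext}"


def stored_name_or_none(filename: str):
    """Convenience wrapper: the stored name, or None if the upload is rejected."""
    try:
        return safe_stored_name(filename)
    except ValueError:
        return None


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(EVIL_NAME))
    print("escaped:   ", render_escaped(EVIL_NAME))
    print("stored as: ", stored_name_or_none(EVIL_NAME))
    print("rejected:  ", stored_name_or_none("../../shell.php"))
```

Escaping on output and sanitising the stored name are separate controls: the first stops the admin page from executing the name, the second stops the file itself from being served under a name or extension that a browser would execute, which is the WordPress variant above.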