PT-2024-14924 · Ice Hrm · Ice Hrm
Name of the Vulnerable Software and Affected Versions: IceHrm version 23.0.0.OS. Description: The issue arises from insufficient encoding of user-controlled input, leading to a Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited via the /icehrm/app/fileupload page.php...
ALSA-2024:0125 Moderate: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080); tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794); tomcat: improper...
Moderate: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080); tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794); tomcat: improper...
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM WebSphere Application Server Liberty shipped with IBM Security Verify Access (CVE-2023-24988, CVE-2023-44487, CVE-2023-46158)
Summary: Security Vulnerability fixes in IBM WebSphere Application Server Liberty have been shipped with IBM Security Verify Access 10.0.7.0. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the...
CMSMS 2.2.19 Arbitrary File Upload
Title: cmsms-2.2.19 - File Upload - RCE Author: nu11secur1ty Date: 12/29/2023 Vendor: https://www.cmsmadesimple.org/ Software: https://www.cmsmadesimple.org/downloads-header/cmsms/ Reference: https://portswigger.net/web-security/file-upload,...
Security Bulletin: Apache commons fileupload vulnerability affect embedded Content Platform Engine in IBM Business Automation Workflow - CVE-2023-24998
Summary: The embedded Content Platform Engine in IBM Business Automation Workflow is affected by Apache commons fileupload vulnerability. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the numb...
CVE-2023-6721
An XXE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...
Design/Logic Flaw
An XXE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...
CVE-2023-6721 Improper Restriction of XML External Entity Reference in Repox
An XXE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...
CVE-2023-6721
CVE-2023-6721 is an XML External Entity (XXE) vulnerability in Repox that affects the XML data processing in the fileupload function, enabling a remote attacker to cause interaction with the server’s filesystem. Public sources consistently describe this as an XXE issue with high impact. CNNVD not...
PT-2023-36081 · Repox · Repox
Name of the Vulnerable Software and Affected Versions: Repox, affected versions not specified. Description: A vulnerability has been found that allows a remote attacker to interfere with the application's XML data processing in the fileupload function. This results in interaction between the attack...
tomcat: FileUpload: DoS due to accumulation of temporary files on Windows
A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be delete...
Security Bulletin: IBM Jazz Reporting Service is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary: There is a vulnerability in the Apache Commons FileUpload library used by IBM Jazz Reporting Service. This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caus...
Chamilo LMS Security Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS v1.11.20 and earlier versions,...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary: IBM Sterling B2B Integrator uses Apache Commons FileUpload. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload function. By...
Oracle Linux 8 : tomcat (ELSA-2023-7065)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7065 advisory. - Resolves: 2210630 CVE-2023-28709 tomcat - Resolves: 2181448 CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure...
FileUpload: FileUpload DoS with excessive parts
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not...
ALSA-2023:7065 Moderate: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998); tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708); tomcat: Fix for...
Moderate: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998); tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708); tomcat: Fix for...
DoS (Denial of Service) org.apache.tomcat:tomcat-catalina in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...