SUSE CVE-2017-1000394
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins...
Fixed in Apache Tomcat 8.5.85
Important: Apache Tomcat denial of service CVE-2023-24998 Apache Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, therefore, also vulnerable to the Apache Commons FileUpload...
PT-2023-2276
Name of the Vulnerable Software and Affected Versions Apache Commons FileUpload versions prior to 1.5 Description The issue is related to unbounded allocation of resources, which can be exploited by an attacker to trigger a denial of service (DoS) with a malicious upload or series of uploads...
Fixed in Apache Tomcat 10.1.5
Important: Apache Tomcat denial of service CVE-2023-24998 Apache Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, therefore, also vulnerable to the Apache Commons FileUpload...
Fixed in Apache Tomcat 9.0.71
Important: Apache Tomcat denial of service CVE-2023-24998 Apache Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, therefore, also vulnerable to the Apache Commons FileUpload...
Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)
Summary Apache Commons Fileupload is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web service infrastructure. Information about security vulnerabilities affecting Apache Commons Fileupload has been published in a security bulletin. Vulnerability Details CVEID: CVE-2013-2186...
Security Bulletin: Security vulnerability in Apache Commons FileUpload might affect IBM Business Process Manager, WebSphere Process Server, and WebSphere Enterprise Service Bus (CVE-2016-1000031)
Summary A vulnerability for Apache Commons FileUpload before 1.3.3 has been reported which allows a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in certain products, could allow a remote...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Intelligent Operations Center products (CVE-2016-3092)
Summary IBM WebSphere Application Server is shipped as a component of IBM Intelligent Operations Center and related products. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2016-3092...
GHSA-FXF3-WX3C-76PF Shopware vulnerable to Cross-site Scripting
In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication...
Arbitrary file write in Apache Commons Fileupload
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +5777 more potentially affected by CVE-2013-2186 via commons-fileupload:commons-fileupload (>=1.0 <=1.3.1-jenkins-2)
commons-fileupload:commons-fileupload MAVEN version =1.0, =1.1, =0.0.1, =1.0, =1.0, =3.1.1, =0.0.1, =0.3.15 and more Source cves: CVE-2013-2186 Source advisory: OSV:GHSA-QX6H-9567-5FQW...
GHSA-QX6H-9567-5FQW Arbitrary file write in Apache Commons Fileupload
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
GHSA-F7F6-XRWC-9C57 Improper Input Validation in Jenkins
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins...
GHSA-VM69-474V-7Q2W Incorrect Default Permissions in Apache Commons FileUpload
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +3081 more potentially affected by CVE-2013-0248 via commons-fileupload:commons-fileupload (>=1.0 <=1.2.1)
commons-fileupload:commons-fileupload MAVEN version =1.0, =1.1, =0.0.1, =1.0, =3.1.1, =0.0.1, =1.2.1, =0.0.2, =0.0.2, =0.0.2, =2.2.4 and more Source cves: CVE-2013-0248 Source advisory: OSV:GHSA-VM69-474V-7Q2W...
Incorrect Default Permissions in Apache Commons FileUpload
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...
Exploit for Path Traversal in Wso2 Api_Manager
CVE-2022-29464 WSO2 RCE CVE-2022-29464 exploit and writeup...
Arbitrary File Upload
express-fileupload is vulnerable to arbitrary file upload. It does not restrict an attacker from uploading a malicious PHP file to execute arbitrary code...
Express-FileUpload Arbitrary File Overwrite
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. This vulnerability is debated by the package author...
@aarconada/urserver (>=0.0.1 <=0.0.990), @alterior/core (>=0.0.1 <=2.0.0-b1) +195 more potentially affected by CVE-2022-27261 via express-fileupload (>=0.0.5 <=1.3.1)
express-fileupload NPM version =0.0.5, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.155, =2.0.0-alpha.0, =1.0.0, =0.12.0, =0.0.2-90, =0.0.1-alpha.151, =0.0.1-alpha.44, =0.0.1, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2022-27261 Source advisory: OSV:GHSA-W4M6-X6C2-J5C9...