
1043 matches found

IBM Security Bulletins
added 2021/11/07 5:55 a.m., 40 views

Security Bulletin: Multiple Apache Commons FileUpload vulnerabilities affects IBM Tivoli Business Service Manager (CVE-2014-0034, CVE-2014-0050, CVE-2013-2186, CVE-2016-3092)

Summary A vulnerability has been identified in the Apache Commons FileUpload shipped with IBM Tivoli Business Manager 6.2.0. Information about security vulnerabilities affecting Apache Commons FileUpload has been published in a security bulletin. Vulnerability Details CVEID: CVE-2014-0034...

CVSS 7.8, AI score 8.1, EPSS 0.92712
Exploits 8, Affected Software 1
OpenVAS
added 2021/10/13 12:0 a.m., 15 views

Apache Tomcat DoS Vulnerability (Apr 2014) - Linux

Apache Tomcat is prone to a denial of service (DoS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVSS 7.5, AI score 8.5, EPSS 0.92712
Exploits 8, References 2
Cvelist
added 2021/10/07 3:35 p.m., 14 views

CVE-2021-37924

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution...

AI score 10, EPSS 0.3738
Exploits 0, References 2
Cvelist
added 2021/10/07 3:31 p.m., 12 views

CVE-2021-37931

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution...

AI score 10, EPSS 0.3738
Exploits 0, References 2
OSV
added 2021/09/15 3:30 p.m., 1 views

DRUPAL-CONTRIB-2021-029

This advisory addresses a similar issue to Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008. The GraphQL module allows file uploads through its HTTP API. The module does not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be ab...

CVSS 9.8, AI score 7, EPSS 0.00797
Exploits 0, References 1
NVD
added 2021/08/20 6:15 p.m., 7 views

CVE-2021-22255

SSRF in URL file upload in Baserow 1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address...

CVSS 7.7, EPSS 0.00215
Exploits 0, References 3
Prion
added 2021/08/04 2:15 p.m., 13 views

Unrestricted file upload

An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files...

CVSS 5.5, AI score 7.9, EPSS 0.00372
Exploits 0, References 1, Affected Software 1
OSV
added 2021/08/03 10:15 p.m., 2 views

CVE-2020-19303

An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file...

CVSS 7.8, AI score 7.4, EPSS 0.00492
Exploits 1, References 1
Gentoo Linux
added 2021/07/17 12:0 a.m., 136 views

Apache Commons FileUpload: Multiple vulnerabilities

Background The Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to your servlets and web applications. Description Multiple vulnerabilities have been discovered in Apache Commons FileUpload. Please review the CVE identifiers referenced below...

CVSS 7.8, AI score 7.9, EPSS 0.92712
Exploits 9
wpexploit
added 2021/06/24 12:0 a.m., 1333 views

ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload

The plugin contained a PHP file, allowing unauthenticated users to upload an arbitrary file anywhere on the web server. Note WPScanTeam: It's unclear which version fixed the issue exactly, however we were able to confirm the issue on version as high as v5.96 and that the related file has been...

AI score 0.4
Exploits 0
Tenable Nessus
added 2021/06/10 12:0 a.m., 39 views

SUSE SLES11 Security Update : jakarta-commons-fileupload (SUSE-SU-2019:14044-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2019:14044-1 advisory. - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution CVE-2016-1000031 Note that Nessus has not tested for thi...

CVSS 9.8, AI score 8.3, EPSS 0.56432
Exploits 0, References 5
OpenVAS
added 2021/06/09 12:0 a.m., 11 views

SUSE: Security Advisory (SUSE-SU-2019:1212-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 9.6, EPSS 0.56432
Exploits 0, References 2
OpenVAS
added 2021/06/09 12:0 a.m., 14 views

SUSE: Security Advisory (SUSE-SU-2019:14044-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 9.9, EPSS 0.56432
Exploits 0, References 4
OpenVAS
added 2021/06/09 12:0 a.m., 22 views

SUSE: Security Advisory (SUSE-SU-2019:1212-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 9.6, EPSS 0.56432
Exploits 0, References 2
OpenVAS
added 2021/06/09 12:0 a.m., 28 views

SUSE: Security Advisory (SUSE-SU-2014:0548-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 8.9, EPSS 0.92712
Exploits 8, References 2
0day.today
added 2021/05/28 12:0 a.m., 79 views

QNAP MusicStation / MalwareRemover File Upload / Command Injection Vulnerabilities

QNAP MusicStation/MalwareRemover Pre-Auth Remote Code Execution Summary QNAP MusicStation and MalwareRemover official apps are affected by an arbitrary file upload and a command injection vulnerabilities, leading to pre-auth remote root command execution. Product description from vendor “QNAP...

CVSS 8.8, AI score 0.5, EPSS 0.0259
Exploits 2
NVD
added 2021/05/05 3:15 p.m., 12 views

CVE-2021-31542

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names...

CVSS 7.5, EPSS 0.04357
Exploits 0, References 11
IBM Security Bulletins
added 2021/04/28 6:35 p.m., 22 views

Security Bulletin: Vulnerability in WebSphere Application Server affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-3092)

Summary Apache Commons Fileupload vulnerability in WebSphere Application Server bundled with IBM Jazz Team Server based Applications affects multiple products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team...

CVSS 7.8, AI score 0.8, EPSS 0.40246
Exploits 0, Affected Software 6
IBM Security Bulletins
added 2021/04/26 9:17 p.m., 60 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-3092)

Summary IBM WebSphere Application Server is shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

CVSS 7.8, AI score 0.8, EPSS 0.40246
Exploits 0, Affected Software 2
IBM Security Bulletins
added 2021/02/12 9:24 p.m., 47 views

Security Bulletin: DataQuant for WebSphere is affected by a vulnerability in Apache Commons FileUpload (CVE-2014-0050)

Summary Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the application to enter into an...

CVSS 7.5, AI score 1.2, EPSS 0.92712
Exploits 8, Affected Software 2