125 matches found
Apache Allura Code Issue Vulnerability
Apache Allura is a suite of open source project hosting software from the Apache Software Foundation. The platform supports the management of source code repositories, bug reports, wiki pages and blogs. A code issue vulnerability exists in Apache Allura versions 1.0.1 through 1.16.0, which stems from...
CVE-2024-27945
A vulnerability has been identified in RUGGEDCOM CROSSBOW (all versions < V5.5). The bulk import feature of the affected systems allows a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achie...
CVE-2024-25641
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...
Siemens RUGGEDCOM CROSSBOW Security Vulnerability
Siemens RUGGEDCOM CROSSBOW is a secure access management solution from Siemens (Germany). Siemens RUGGEDCOM CROSSBOW suffers from an external control of file name or path vulnerability: the bulk import feature on the affected system allows a privileged user to upload files to the root...
PT-2024-3687 · Siemens · Ruggedcom Crossbow
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.5 Description: The issue is related to incorrect external control of a file name or path in the Firmware Upload Handler component of the RUGGEDCOM CROSSBOW system. This could allow a remote attacker to...
BIT-ESPOCRM-2022-38845
Cross-site scripting in the Import feature of EspoCRM 7.1.8 allows remote users to run malicious JavaScript in the victim's browser by sending a crafted CSV file containing malicious JavaScript to an authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...
PT-2024-20199 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.1.2 Apache Superset versions 3.0.0, 3.0.1 Description: Uncontrolled resource consumption can be triggered by an authenticated attacker that uploads a malicious ZIP to import database, dashboards,...
Cross-site Scripting Vulnerability on Data Import
Introduction: This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.10.1 and was tested on version 1.9.2.post0. Overview: Label Studio had a remote import feature that allowed users to...
PYSEC-2024-128
Label Studio, an open source data labeling tool, had a remote import feature that allowed users to import data from a remote web source; the data was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could have been abused to download an HTML file that executed malicious...
PT-2023-28284 · WordPress · Orders Tracking For Woocommerce
Name of the Vulnerable Software and Affected Versions: Orders Tracking for WooCommerce WordPress plugin version 1.2.5 and earlier Description: The issue allows high-privilege users with the manage_woocommerce capability to access any file on the web server via a path traversal attack when importing a...
Information Disclosure
GitLab is vulnerable to information disclosure. The vulnerability occurs due to a flaw in the way GitLab handles the import feature. An attacker can exploit it to read arbitrary files on the server, including files that are not accessible to normal users...
WordPress plugin HTTP Headers SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP and run on PHP and MySQL servers. HTTP Headers is a plugin for WordPress. A SQL injection vulnerability exists in the...
SUSE CVE-2016-9859
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
SUSE CVE-2018-15605
An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature...
PT-2022-25309 · Mitsubishi · Genesis64
Name of the Vulnerable Software and Affected Versions: ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 Description: The issue allows an unauthenticated attacker to create, tamper with, or destroy arbitrary files by getting a legitimate user to import a project package file crafted...
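The CROSSBOW, Cacti, Superset and GENESIS64 entries above share one root cause: an import handler that trusts what is inside an uploaded package, either the member paths (files written outside the import directory, up to and including code the web server will execute) or the declared sizes (a ZIP whose expansion exhausts disk or memory). The Python below is an added example written for this page, not code from any of those projects. The import directory, the policy limits and the sample archives are assumptions and constructed inputs; it validates central-directory metadata before touching disk, then re-counts bytes as they are actually inflated so a header that under-reports a member's size does not defeat the budget.

```python
import io
import os
import stat
import tempfile
import zipfile

# Assumed policy limits for this example, not values from any project above.
MAX_MEMBERS = 1000
MAX_TOTAL_BYTES = 50 * 1024 * 1024   # uncompressed budget for the whole archive
MAX_RATIO = 100                       # uncompressed / compressed, per member
CHUNK = 64 * 1024


class UnsafeArchive(ValueError):
    """Raised when an import archive violates path or size policy."""


def resolve_member(dest_dir, name):
    """Absolute path a member would be written to, or UnsafeArchive if the
    name is absolute, carries a drive prefix, or resolves outside dest_dir."""
    if name.startswith(("/", "\\")) or os.path.splitdrive(name)[0]:
        raise UnsafeArchive(f"absolute member path: {name!r}")
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        raise UnsafeArchive(f"member escapes import dir: {name!r}")
    return target


def inspect_archive(data, dest_dir="/var/lib/app/import"):
    """Validate central-directory metadata before anything touches disk.
    Returns the member names that passed."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise UnsafeArchive(f"not a zip archive: {exc}") from exc
    with zf:
        infos = zf.infolist()
        if len(infos) > MAX_MEMBERS:
            raise UnsafeArchive(f"too many members: {len(infos)}")
        total, names = 0, []
        for info in infos:
            resolve_member(dest_dir, info.filename)
            # Unix mode sits in the high 16 bits of external_attr; a symlink
            # member lets a later member write through it to another path.
            if stat.S_ISLNK(info.external_attr >> 16):
                raise UnsafeArchive(f"symlink member: {info.filename!r}")
            total += info.file_size
            if total > MAX_TOTAL_BYTES:
                raise UnsafeArchive("declared uncompressed size over budget")
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                raise UnsafeArchive(f"suspicious compression ratio: {info.filename!r}")
            names.append(info.filename)
    return names


def extract_archive(data, dest_dir):
    """Extract after inspection, counting bytes actually inflated so a member
    whose header lies about its size still cannot exceed the budget."""
    inspect_archive(data, dest_dir)
    written, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = resolve_member(dest_dir, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            size = 0
            try:
                with zf.open(info) as src, open(target, "wb") as dst:
                    while chunk := src.read(CHUNK):
                        size += len(chunk)
                        total += len(chunk)
                        if total > MAX_TOTAL_BYTES:
                            raise UnsafeArchive("inflated data over budget")
                        dst.write(chunk)
            except UnsafeArchive:
                os.remove(target)   # drop the partial file before bailing out
                raise
            written[info.filename] = size
    return written


def check(data):
    """'ok' or the policy violation text, for callers that need a verdict."""
    try:
        inspect_archive(data)
        return "ok"
    except UnsafeArchive as exc:
        return str(exc)


def build_zip(members):
    """Constructed test input: an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a plain template package, a "zip slip" member, and a
# member that inflates roughly 1000x (a small stand-in for a decompression bomb).
BENIGN = build_zip({"templates/host.xml": b"<template>cpu</template>\n" * 20,
                    "README.txt": b"constructed sample package\n"})
TRAVERSAL = build_zip({"../../../var/www/html/x.php": b"<?php echo 'outside'; ?>"})
BOMB = build_zip({"data/zeros.bin": b"\0" * (4 * 1024 * 1024)})


def demo_extract(data=BENIGN):
    """Extract a sample into a fresh temp dir; returns {member: bytes written}."""
    return extract_archive(data, tempfile.mkdtemp(prefix="import-"))
```

The path check is done on the resolved real path rather than by searching for `..`, so encoded or mixed-separator variants resolve the same way the filesystem will resolve them. The ratio check alone is a heuristic (legitimate text packages compress well), which is why the absolute budget is enforced again during inflation.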
UBUNTU-CVE-2022-3067
An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects'...
CVE-2022-35844
CVE-2022-35844 is a command-injection vulnerability in FortiTester’s management interface. It affects FortiTester versions 2.3.0–3.9.1, 4.0.0–4.2.0, and 7.0.0–7.1.0, caused by improper neutralization of special elements in OS commands. An authenticated attacker can execute unauthorized commands v...
CVE-2022-38845
Cross-site scripting in the Import feature of EspoCRM 7.1.8 allows remote users to run malicious JavaScript in the victim's browser by sending a crafted CSV file containing malicious JavaScript to an authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...
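The EspoCRM, phpMyAdmin (CVE-2018-15605) and Label Studio entries describe the same import-side XSS shape: a file the victim imports carries markup that the application later renders unescaped. The Python below is an added example for this page, not code from any of those projects; the CSV content and the two preview renderers are constructed to show the vulnerable pattern next to the hardened one.

```python
import csv
import html
import io

# Constructed sample: the kind of CSV an attacker could hand to an authenticated
# user who then imports it. The payload sits in an ordinary quoted cell.
CRAFTED_CSV = (
    "name,email\n"
    "Alice,alice@example.com\n"
    '"<img src=x onerror=alert(document.cookie)>",bob@example.com\n'
)


def parse_rows(text):
    """Parse CSV text into a list of dicts. The csv module handles quoting,
    so the payload arrives as a plain string value in the 'name' column."""
    return list(csv.DictReader(io.StringIO(text)))


def render_preview_unsafe(rows):
    """Vulnerable pattern: cell values concatenated straight into markup, so
    whatever the CSV author wrote becomes part of the page's DOM."""
    if not rows:
        return "<table></table>"
    head = "".join(f"<th>{k}</th>" for k in rows[0])
    body = "".join(
        "<tr>" + "".join(f"<td>{v}</td>" for v in r.values()) + "</tr>" for r in rows
    )
    return f"<table><tr>{head}</tr>{body}</table>"


def _esc(value):
    """HTML-escape one header or cell. DictReader yields None for missing
    columns and a list for extra ones; both are normalised to text first."""
    if value is None:
        value = ""
    elif isinstance(value, list):
        value = ",".join(value)
    return html.escape(str(value), quote=True)


def render_preview_safe(rows):
    """Hardened pattern: every header and cell is escaped at render time,
    with quote=True so the same function is safe inside attribute values."""
    if not rows:
        return "<table></table>"
    head = "".join(f"<th>{_esc(k)}</th>" for k in rows[0])
    body = "".join(
        "<tr>" + "".join(f"<td>{_esc(v)}</td>" for v in r.values()) + "</tr>"
        for r in rows
    )
    return f"<table><tr>{head}</tr>{body}</table>"
```

Escaping belongs at the point of rendering, not at import: stripping tags from the stored data would corrupt legitimate values and still leaves every other output path (API responses, exports, later templates) to be audited separately.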