143 matches found

OSV
added 2019/07/09 7:15 p.m. | 3 views

DEBIAN-CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

CVSS 7.5 | AI score 7.7 | EPSS 0.00237
Exploits: 1 | References: 1

OSV
added 2019/07/09 7:15 p.m. | 1 view

AZL-44598 CVE-2019-13464 affecting package mod_security_crs 3.0.0-11

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

CVSS 7.5 | AI score 7.1 | EPSS 0.00237
Exploits: 1 | References: 1

Debian CVE
added 2019/07/09 6:7 p.m. | 20 views

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

CVSS 7.5 | AI score 7.6 | EPSS 0.00237
Exploits: 1

CVE
added 2019/06/20 4:26 p.m. | 206 views

CVE-2019-12744

SeedDMS prior to 5.1.11 is affected by CVE-2019-12744 due to an unvalidated file upload of PHP scripts, enabling Remote Command Execution over the network. The root cause is the upload of PHP-backdoor-like content into documents, allowing execution of arbitrary commands on the server when the upl...

CVSS 7.5 | AI score 7.1 | EPSS 0.32766
Exploits: 9 | References: 4 | Affected Software: 1

CNVD
added 2019/06/10 12:0 a.m. | 1 view

Prima Systems FlexAir Script Upload Execution Vulnerability

Prima Systems FlexAir is an access control system from Prima Systems in Slovenia. A security vulnerability in Prima Systems FlexAir when configuring the main central controller allows remote attackers to exploit the vulnerability by submitting a special Python script request that can execute...

CVSS 9 | AI score 7.4 | EPSS 0.19417
Exploits: 7 | References: 1

CVE
added 2019/06/05 5:20 p.m. | 72 views

CVE-2019-9189

Summary of CVE-2019-9189 (FlexAir): Prima Systems FlexAir, versions 2.4.9api3 and earlier, allows uploading arbitrary Python scripts when configuring the main central controller. These scripts can be executed immediately with root privileges, enabling an authenticated attacker to gain full system...

CVSS 9 | AI score 8.7 | EPSS 0.19417
Exploits: 7 | References: 5 | Affected Software: 1

CNVD
added 2019/04/24 12:0 a.m. | 1 view

Arbitrary File Upload Vulnerability in Employment Information Network

Huimeng Software is committed to improving the information management level of enterprises or government organizations through professional products and services. The Employment Information Network has an arbitrary file upload vulnerability that can be exploited by an attacker to log in to the...

AI score 7.1
Exploits: 0

Cvelist
added 2018/10/05 5:0 a.m. | 10 views

CVE-2013-7465

Ice Cold Apps Servers Ultimate 6.0.212 does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts...

AI score 10 | EPSS 0.08819
Exploits: 1 | References: 2

CNVD
added 2018/07/11 12:0 a.m. | 1 view

File upload vulnerability in XiaoCms Enterprise Website Edition (XiaoCms企业建站版)

Based on PHP+Mysql architecture, XiaoCms Enterprise Builder is a small, flexible, simple and easy-to-use lightweight cms. XiaoCms Enterprise Website Builder has a file upload vulnerability that can be exploited by attackers to upload malicious scripts to gain administrator privileges...

AI score 7.3
Exploits: 0

CNVD
added 2018/07/02 12:0 a.m. | 2 views

HongCMS Arbitrary Script File Upload Vulnerability

HongCMS is an open source lightweight content management system CMS. HongCMS 3.0.0 suffers from an arbitrary script file upload vulnerability. An attacker can exploit this vulnerability by uploading arbitrary script files via admin/index.php/template/upload URI to execute PHP code...

CVSS 9 | AI score 7.4 | EPSS 0.01366
Exploits: 1 | References: 1

OSV
added 2018/06/29 5:29 p.m. | 1 view

CVE-2018-13021

An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...

CVSS 7.2 | AI score 6.1
Exploits: 0 | References: 1

Cvelist
added 2018/06/29 5:0 p.m. | 13 views

CVE-2018-13021

An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...

AI score 7.3 | EPSS 0.01366
Exploits: 1 | References: 1

CNVD
added 2018/05/15 12:0 a.m. | 2 views

MyBiz MyProcureNet Arbitrary File Upload Vulnerability

MyBiz MyProcureNet is a procurement process automation solution from MyBiz Solutions Malaysia. A security vulnerability exists in MyBiz MyProcureNet version 5.0.0, which originates from an attacker being able to adjust the 'HiddenFieldControlCustomWhiteListedExtensions' parameter and add arbitrar...

CVSS 9.9 | AI score 7.3 | EPSS 0.01695
Exploits: 1 | References: 1

CNVD
added 2018/04/12 12:0 a.m. | 3 views

SAP Solution Manager Incident Management Work Center Cross-Site Scripting Vulnerability

SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP solution lifecycle management, and provide system...

CVSS 5.4 | AI score 6.8 | EPSS 0.00169
Exploits: 0 | References: 1

Exploit DB
added 2018/03/20 12:0 a.m. | 36 views

Vehicle Sales Management System - Multiple Vulnerabilities

Exploit Title: VSMS Multiple Vulnerabilities Google Dork: N/A Date: 16-3-2018 Exploit Author: Sing Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typredirect Software Link: https://sourceforge.net/projects/vsms-php/?source=typredirect Version: 07/2017 possible v1.2 Tested on:...

CVSS 9.8 | AI score 7 | EPSS 0.02589
Exploits: 4

OSV
added 2018/03/13 7:29 p.m. | 1 view

CVE-2017-16251

A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of th...

CVSS 8.8 | AI score 6.1 | EPSS 0.01441
Exploits: 0 | References: 1

CNVD
added 2018/02/22 12:0 a.m. | 1 view

File Renaming Vulnerability in CMS Made Simple v2.2.5

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engines. A file renaming vulnerability exists in CMS Made Simple v2.2.5 due to the system failing to effectively filter input parameters. An attacker can exploit this vulnerability to...

AI score 7.1
Exploits: 0

ATTACKERKB
added 2017/08/14 4:29 p.m. | 2 views

CVE-2017-9655

A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a...

CVSS 5.4 | AI score 5.5 | EPSS 0.0032
Exploits: 0 | References: 4

OSV
added 2017/08/14 4:29 p.m. | 1 view

CVE-2017-9655

A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a...

CVSS 5.4 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 3

CNVD
added 2017/08/02 12:0 a.m. | 1 view

Multiple vulnerabilities in phpcms V9 front and backend

PHPCMS is a web content management system based on PHP and Mysql architecture. PHPCMS V9.6.3 backend has a reflective XSS and SQL injection vulnerability that can bypass the CSRF defense and upload any script file under certain conditions...

AI score 7.8
Exploits: 0