PT-2024-31989 · Ypay · Ypay
Name of the Vulnerable Software and Affected Versions: YPay version 1.2.0
Description: An arbitrary file upload vulnerability allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php, which is called from app/admin/controller/ypay/Home.php. The fi...
MISP Code Issue Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A code issue vulnerability exists in versions of MISP prior to 2.4.184, which stems from ...
Stud.IP Cross-Site Scripting Vulnerability
Stud.IP is an open source learning and information management system for universities, education and applications from Sourceforge. A cross-site scripting vulnerability exists in Stud.IP versions prior to 5.3.4, 5.2.6, 5.1.7, and 5.0.9, which stems from the fact that uploadaction, editaction in t...
X-Cart Remote Code Execution Vulnerability
X-Cart is e-commerce PHP shopping cart software. X-Cart suffers from a remote code execution vulnerability due to the application failing to check remote file extensions before saving locally. An attacker could exploit the vulnerability to gain vendor access or higher privileges...
CVE-2011-3012
The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates...