51 matches found
Dascom eZiosuite 代码问题漏洞
Dascom eZiosuite is a management system from the Chinese company Dascom. A security vulnerability exists in Dascom eZiosuite version 2.0.7, which can be exploited by attackers to upload arbitrary files...
CVE-2021-45428
TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2020-13871 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a use-after-free in resetAccumulator in select.c. By sending a specially crafted request, a remote attacker...
CVE-2021-3277
Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files...
CVE-2020-4928
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705...
CVE-2020-4470
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725...
Zucchetti InfoBusiness Cross-Site Request Forgery Vulnerability
Zucchetti InfoBusiness is a business intelligence solution that uses multiple data to generate reports to measure company trends. A cross-site request forgery vulnerability exists in Zucchetti InfoBusiness 4.4.1 and earlier versions. An attacker can exploit this vulnerability to upload arbitrary...
Sourcecodester Restaurant Management System Code Issue Vulnerability
Sourcecodester Restaurant Management System is a restaurant management system. A code issue vulnerability exists in version 1.0 of the Sourcecodester Restaurant Management System, which arises from a failure of the program to properly process user-submitted input and can be exploited by an attack...
CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter...
CVE-2018-19104
In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges...
ATutor LMS install_modules.php CSRF Remote Code Execution Vulnerability
ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A cross-site request forgery vulnerability exists in the installmodules.php file in versions prior to...