441 matches found
PT-2024-37828 · Nanjing Xingyuantu Technology · Sparkshop
Name of the Vulnerable Software and Affected Versions: Nanjing Xingyuantu Technology SparkShop versions up to 1.1.6 Description: A critical issue affects the processing of the file "/api/Common/uploadFile". The manipulation of the file argument leads to unrestricted upload. The attack can be...
CVE-2024-3153 Uncontrolled Resource Consumption in mintplex-labs/anything-llm
mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DoS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents...
CVE-2024-3153
CVE-2024-3153 affects mintplex-labs/anything-llm. An uncontrolled resource consumption vulnerability exists in the upload file endpoint, enabling a denial of service by sending an invalid upload request. Documented impact is DOS with availability impact described; no official fix/version is provi...
IRZ RUH2 Cross-site Scripting (CVE-2021-32302)
Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
D-Link D-View Security Vulnerability
D-Link D-View is a web-based design network device management software from China's D-Link Corporation. A security vulnerability exists in D-Link D-View, which originates from an uploadFile directory traversal arbitrary file creation vulnerability...
A vulnerability in the firmware of GL.iNet GL-AX1800 routers arises from improper restriction of a path name to a restricted directory. This allows attackers to gain unauthorized access to protected information or execute arbitrary code.
The vulnerability in the firmware of the GL.iNet GL-AX1800 router lies in the improper limitation of a path name to a restricted directory, resulting from sending a request to the final destination using the uploadfile command. By specifying the malicious file as the...
Beijing Baichuo Smart S210 Management Platform Security Vulnerability
Beijing Baichuo Smart S210 Management Platform is a multi-service security gateway intelligent management platform from Beijing Baichuo, China. A security vulnerability exists in the Beijing Baichuo Smart S210 Management Platform that could allow an attacker to obtain sensitive information via th...
CVE-2024-31012
An issue was discovered in SEMCMS v.4.8 that allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file...
PT-2024-23725 · Semcms · Semcms
Name of the Vulnerable Software and Affected Versions: SEMCMS version 4.8 Description: An issue in SEMCMS allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file. Recommendations: For SEMCMS version 4.8, consider disabling...
CVE-2024-29273
There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document...
CVE-2023-41793 Path Traversal and Untrusted Upload File
Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through 776...
CVE-2024-27957
Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register. This issue affects Pie Register: from n/a through 3.8.3.1...
VIVOTEK Network Camera Security Vulnerability
VIVOTEK Network Camera is a webcam from VIVOTEK. A security vulnerability exists in VIVOTEK Network Camera version v.FD8166A-VVTK-0204j, which originates from a vulnerability that allows remote attackers to execute arbitrary code via the uploadfile.cgi component...
CVE-2024-26548
An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the uploadfile.cgi component...
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 Description CVE-2023-36845 represen...
openBI Code Issues Vulnerabilities
openBI is a big data visualization solution from openBI. A code issue vulnerability exists in openBI prior to version 1.0.8, which stems from a problem in the index function of the /application/plugins/controller/Upload.php file, which could lead to unrestricted file uploads...
PT-2024-13714 · Hongdian · H8951-4G-Esp +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An authenticated user can upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with root user privileges...
Baizhuo S210 Code Issue Vulnerability
Baizhuo S210 is an Internet Behavior Management (IBM) appliance from Baizhuo, China. A code issue vulnerability exists in the Baizhuo S210, which stems from the parameter fileupload in the file /Tool/uploadfile.php that can lead to unrestricted uploads...
PT-2023-32703 · Byzoro +1 · Byzoro S210 +1
Name of the Vulnerable Software and Affected Versions: Byzoro S210 up to 20231123 Beijing Baichuo S210 up to 20231123 Description: A critical vulnerability affects the HTTP POST Request Handler component, specifically the file /Tool/uploadfile.php. The manipulation of the file upload argument lea...
Apache Struts Security Vulnerabilities
Apache Struts is an open source project of the Apache Foundation in the United States. It is an open source MVC framework for creating enterprise-class Java Web applications, and mainly provides two versions of the framework product, Struts 1 and Struts 2. Apache Struts has a security...