
441 matches found

Prion
added 2020/08/12 2:15 p.m. · 17 views

Unrestricted file upload

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access...

CVSS 6.4 · AI score 6.6 · EPSS 0.00934
Exploits 0 · References 2 · Affected Software 1

Prion
added 2020/07/28 9:15 p.m. · 17 views

Unrestricted file upload

Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file...

CVSS 9 · AI score 6.9 · EPSS 0.02936
Exploits 1 · References 4 · Affected Software 1

Hacker One
added 2020/05/24 1:55 a.m. · 28 views

Slack: Stored XSS through PDF viewer

Slack allows users to upload files to their Workspace to facilitate sharing information between team members as well as with other workspaces. In addition, with the aim of easing access to PDF files, Slack provides its own "PDF Viewer" https://app.slack.com/pdf-viewer embedded in the application...

AI score 1.1
Exploits 0

CNVD
added 2020/03/09 12:0 a.m. · 3 views

Tecrail Responsive FileManager Code Issue Vulnerability

Tecrail Responsive FileManager is an open source file manager written in PHP by Tecrail Italy. The product supports the uploading and management of videos, images or other files. A code issue vulnerability exists in the upload.php file in Tecrail Responsive FileManager versions 9.13.4 and 9.14.0...

CVSS 9.8 · AI score 7.2 · EPSS 0.0148
Exploits 5 · References 1

0day.today
added 2020/03/03 12:0 a.m. · 138 views

GUnet OpenEclass 1.7.3 E-learning platform - (month) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link:...

AI score 0.1
Exploits 0

CNVD
added 2019/10/29 12:0 a.m. · 1 views

WordPress Easy Digital Downloads Upload File extension cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Easy Digital Downloads EDD Upload File extension is a file upload plugin used in it. A cross-site scripting vulnerability...

CVSS 6.1 · AI score 6.4 · EPSS 0.00923
Exploits 0 · References 1

NVD
added 2019/10/23 4:15 p.m. · 12 views

CVE-2015-9530

The Easy Digital Downloads EDD Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused...

CVSS 6.1 · AI score 6.1 · EPSS 0.00923
Exploits 0 · References 1

Prion
added 2019/10/23 4:15 p.m. · 16 views

Design/Logic Flaw

The Easy Digital Downloads EDD Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused...

CVSS 4.3 · AI score 6.3 · EPSS 0.00923
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2019/09/20 12:0 a.m. · 3 views

PT-2019-6426 · Ruijie · Ruijie Eg-2000Se

Name of the Vulnerable Software and Affected Versions: Ruijie EG-2000SE versions 11.9 B11P1 Description: The issue is related to the upload.php script in the Ruijie EG-2000SE gateway, specifically with the UploadFile class. It allows for unrestricted file upload of dangerous file types. An attack...

CVSS 7.5 · AI score 6.7 · EPSS 0.00442
Exploits 0 · References 5

OSV
added 2019/05/13 4:29 p.m. · 2 views

CVE-2018-4023

An exploitable code execution vulnerability exists in the XMLUploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution...

CVSS 9.8 · AI score 6.5 · EPSS 0.02825
Exploits 1 · References 1

NVD
added 2019/04/18 6:29 p.m. · 18 views

CVE-2018-17289

An XML external entity XXE vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration .ZIP file within the Kofax/KFS/Admin/PackageService/package/uploa...

CVSS 6.5 · AI score 6.2 · EPSS 0.01543
Exploits 1 · References 1

Cvelist
added 2019/04/18 5:47 p.m. · 17 views

CVE-2018-17289

An XML external entity XXE vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration .ZIP file within the Kofax/KFS/Admin/PackageService/package/uploa...

AI score 6.2 · EPSS 0.01543
Exploits 1 · References 1

CNVD
added 2019/03/11 12:0 a.m. · 6 views

File upload vulnerability in OFCMS backend ueditor uploadFIle

OFCMS is a content management system developed based on java technology. There is a file upload vulnerability in OFCMS backend ueditor uploadFIle, which can be exploited by attackers to upload webshell and gain server privileges, posing information leakage and operational security risks...

AI score 6.9
Exploits 0

OSV
added 2019/03/06 10:29 p.m. · 0 views

CVE-2019-9617

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadFile URI...

CVSS 8.8 · AI score 7.6
Exploits 0 · References 1

Zero Day Initiative
added 2019/03/04 12:0 a.m. · 22 views

(0Day) Hewlett Packard Enterprise Intelligent Management Center CommonUtils unzip Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS 9.8 · AI score 2.8 · EPSS 0.10929
Exploits 0

The Hacker News
added 2018/12/05 10:58 a.m. · 1 views

SNDBOX: AI-Powered Online Automated Malware Analysis Platform

Looking for an automated malware analysis software? Something like a 1-click solution that doesn't require any installation or configuration…a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and...

AI score 7.2
Exploits 0

NVD
added 2018/11/21 9:29 p.m. · 31 views

CVE-2018-19423

Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file...

CVSS 7.2 · AI score 7.1 · EPSS 0.17984
Exploits 4 · References 3

ATTACKERKB
added 2018/11/19 5:29 p.m. · 3 views

CVE-2018-9207

Arbitrary file upload in jQuery Upload File = 4.0.2...

CVSS 9.8 · AI score 5.4 · EPSS 0.03451
Exploits 2 · References 2

Prion
added 2018/11/19 5:29 p.m. · 11 views

Default credentials

Arbitrary file upload in jQuery Upload File = 4.0.2...

CVSS 7.5 · AI score 9.5 · EPSS 0.03451
Exploits 2 · References 1 · Affected Software 1

NVD
added 2018/11/19 5:29 p.m. · 14 views

CVE-2018-9207

Arbitrary file upload in jQuery Upload File = 4.0.2...

CVSS 9.8 · AI score 9.5 · EPSS 0.03451
Exploits 2 · References 1