352 matches found
CVE-2020-11451
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. This is also exploitable via SSRF. Note: The ability to upload visualization plugins requires administrator privileges...
CVE-2013-0932
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors...
CVE-2025-47793 Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file
Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud...
CVE-2025-20188
CVE-2025-20188 affects Cisco IOS XE Software for Wireless LAN Controllers (WLCs) via the Out-of-Band AP Image Download feature. The issue stems from a hard-coded JSON Web Token (JWT) on affected systems, allowing an unauthenticated, remote attacker to upload arbitrary files, perform path traversa...
CVE-2025-43947
Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc...
CVE-2024-10820
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...
Cisco AsyncOS 输入验证错误漏洞
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. An input validation error vulnerability exists in Cisco AsyncOS, which stems from insufficient validation of an XML configuration file, and can be exploited by an authenticated remote attacker to upload specially crafted files...
CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...
WordPress WooCommerce Upload Files plugin <= 84.3 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin WooCommerce Upload Files versions = 84.3...
CVE-2024-10820
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...
CVE-2024-10820
CVE-2024-10820 : The WooCommerce Upload Files plugin for WordPress (versions ≤ 84.3) is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in upload_files(). This could allow an attacker to upload arbitrary files to the server and may enable remote code execu...
WordPress plugin WooCommerce Upload Files 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
PT-2024-16573 · WordPress · Woocommerce Upload Files
Name of the Vulnerable Software and Affected Versions: WooCommerce Upload Files plugin for WordPress versions up to, and including, 84.3 Description: The issue is related to arbitrary file uploads due to missing file type validation in the upload files function. This allows unauthenticated...
CVE-2024-38826
Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: Upgrade capi release version to 1.194.0 or...
CVE-2024-20528 Cisco Identity Services Engine Path Traversal Vulnerability
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials. This vulnerability is due to...
BIT-MATTERMOST-2024-43780
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.0, 9.8.x = 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel...
CVE-2024-20477
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could...
WordPress plugin Advanced File Manager 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2024-46647
eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via uploadfiles...
eNMS 安全漏洞
eNMS is a network automation platform from eNMS Open Source. A security vulnerability exists in eNMS versions 4.4.0 through 4.7.1, which stems from vulnerability to directory traversal attacks via uploadfiles...