Lucene search
+L

352 matches found

CNNVD
CNNVD
added 2024/02/08 12:0 a.m.5 views

Plone Security Vulnerability

Plone is an open source content management system CMS built on the Zope application server. A security vulnerability exists in Plone official Docker version 5.2.13 5221, which stems from a vulnerability that allows an unauthenticated attacker to upload files to the server or delete files...

7.5CVSS7AI score0.00602EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2023/12/05 12:40 p.m.56 views

CVE-2023-41835

A flaw was found in struts. When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in 'struts.multipart.saveDir', even if the request has been denied...

7.5CVSS6.8AI score0.06286EPSS
Exploits0References3
OSV
OSV
added 2023/12/05 9:33 a.m.5 views

GHSA-729Q-FCGP-R5XH Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fi...

7.5CVSS6.8AI score0.06286EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2023/12/05 9:15 a.m.35 views

CVE-2023-41835

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which...

7.5CVSS6.8AI score0.06286EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/10/02 1:50 p.m.18 views

CVE-2023-3744 Server-Side Request Forgery in SLiMS

Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrapeimage.php" file in the imageURL parameter...

9.9CVSS6.8AI score0.00459EPSS
Exploits0References1
OSV
OSV
added 2023/09/30 11:15 a.m.6 views

CVE-2023-5301

A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file albumadd.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed t...

8.8CVSS5.5AI score0.06187EPSS
Exploits1References3
F5 Networks
F5 Networks
added 2023/09/22 6:12 p.m.33 views

K000136957: Apache struts vulnerability CVE-2023-41835

Security Advisory Description When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Strut...

7.5CVSS7.4AI score0.06286EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/08/04 12:0 a.m.12 views

PT-2023-4950 · Triangle Microworks · Triangle Microworks Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: This issue allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is...

6.8CVSS7.8AI score0.01215EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/07/17 12:0 a.m.27 views

CVE-2023-38404

The XPRTLD web application in Veritas InfoScale Operations Manager VIOM before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server...

7.2CVSS9.1AI score0.00813EPSS
Exploits0References1
OSV
OSV
added 2023/07/13 1:15 a.m.2 views

CVE-2023-34126

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

8.8CVSS5.8AI score0.00759EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/13 12:44 a.m.9 views

CVE-2023-34126

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

6.8AI score0.00759EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/07/12 9:15 p.m.1 views

CVE-2023-26563

The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On...

9.8CVSS7.2AI score0.01886EPSS
Exploits1References4
OSV
OSV
added 2023/07/12 9:15 p.m.3 views

CVE-2023-26563

The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On...

9.8CVSS5.8AI score0.01886EPSS
Exploits1References3
Ubuntu
Ubuntu
added 2023/05/25 9:29 a.m.53 views

USN-6054-2: Django vulnerability

USN-6054-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Moataz Al-Sharida and nawaik discovered that Django incorrectly handled uploading multiple files using one form field. A remote attacker...

9.8CVSS7.1AI score0.0138EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/05/22 9:1 p.m.10 views

CVE-2023-2505

The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files...

7.7CVSS7.4AI score0.0032EPSS
Exploits0References2
Prion
Prion
added 2023/05/22 8:15 p.m.15 views

Command injection

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...

7.5CVSS9.6AI score0.2022EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/05/22 12:0 a.m.18 views

CVE-2023-31689

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...

9.8CVSS7.8AI score0.2022EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/05/03 12:0 a.m.8 views

F5 BIG-IQ 代码问题漏洞

F5 BIG-IQ is a software-based cloud management solution from F5 USA. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. F5 BIG-IQ suffers from a security vulnerability that originate...

5.4CVSS5.9AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 2023/04/11 4:16 a.m.2 views

CVE-2023-29186

In SAP NetWeaver BI CONT ADDON - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient administrative privileges then potentially critical OS files ca...

6.5CVSS6.5AI score0.23035EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/31 12:0 a.m.6 views

SATO America CL4NX 安全漏洞

The SATO America CL4NX is a printer from SATO America. A security vulnerability exists in versions prior to SATO America CL4NX 1.13.3-u724r2. An attacker could exploit the vulnerability to upload files and change configurations...

9.8CVSS8.4AI score0.01516EPSS
Exploits0References4
Rows per page
Query Builder