Lucene search
K

210 matches found

CNNVD
CNNVD
added 2024/05/29 12:0 a.m.6 views

Checkmk 安全漏洞

Checkmk is an editor. A security vulnerability exists in Checkmk that stems from an improperly restricted path for local uploads and downloads in the function checksftp, which allows an attacker to read and write to local files on the Checkmk site server. Affected Products and Versions:Checkmk...

8.8CVSS6AI score0.00475EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2024/05/23 12:0 a.m.8 views

Arbitrary File Write Vulnerability in Spring Cloud Data Flow

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...

8.8CVSS6.9AI score0.17537EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/04/13 12:0 a.m.5 views

PT-2024-27516 · Unknown · Cym1102 Nginxwebui

Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions up to 3.9.9 Description: A critical vulnerability was found in the cym1102 nginxWebUI, affecting unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection...

9.8CVSS7.1AI score0.02891EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2024/04/05 5:15 p.m.39 views

PsiTransfer: Violation of the integrity of file distribution

Summary The absence of restrictions on the endpoint, which allows you to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. Details Vulnerable endpoint: POST /files PoC 1. Create a file distribution. 2. Go to the link address ...

6.5CVSS7.2AI score0.00524EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/22 4:29 p.m.34 views

Grav File Upload Path Traversal

Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerabiltiy can allow attackers to inject arbitrary code on the server, undermine integrity of backup files...

8.8CVSS9.4AI score0.60585EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.4 views

PT-2024-20854 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus version 4.3.0-RC1 Description: The issue is related to an arbitrary file upload vulnerability in the component /sysFile/upload. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

9.8CVSS7.8AI score0.00783EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.6 views

PT-2024-20226 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue concerns an Arbitrary File Upload vulnerability. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulti...

9.8CVSS9.2AI score0.0064EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/02/06 12:0 a.m.33 views

CVE-2024-24000

jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths...

9.7AI score0.0064EPSS
Exploits0References2
OSV
OSV
added 2024/01/22 3:15 p.m.4 views

CVE-2024-22895

DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/moduleupload.php...

8.8CVSS5.8AI score0.00767EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/01/02 12:0 a.m.4 views

RRJ Nueva Ecija Engineer Online Portal Security Vulnerability

RRJ Nueva Ecija Engineer Online Portal is an online portal for engineers from RRJ Nueva Ecija. A security vulnerability exists in RRJ Nueva Ecija Engineer Online Portal version 1.0, which originates in the file /admin/uploads/ can lead to the exposure of file and directory information...

5.3CVSS6.7AI score0.00784EPSS
Exploits1References4
Veracode
Veracode
added 2023/12/28 10:49 a.m.19 views

Arbitrary File Upload

dilab/resumable.php is vulnerable to Arbitrary File Upload. The vulnerability arises due to a lack of file upload path validation within Resumable.php. An attacker can arbitrarily upload any non existing file on the filesystem...

8.1CVSS6.8AI score0.00712EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.3 views

resumable.php security vulnerability

resumable.php is the PHP backend for resumable.js. A security vulnerability exists in versions of resumable.php prior to 3c6dbf5, which stems from a vulnerability that allows arbitrary files to be uploaded to any location on the filesystem via multipart/form-data...

8.1CVSS6.9AI score0.00712EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/08/16 3:15 p.m.4 views

CVE-2023-39115

install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document...

9.8CVSS7.3AI score0.04623EPSS
Exploits5References5
OSV
OSV
added 2023/07/20 10:15 p.m.2 views

CVE-2023-3798

A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 and classified as critical. This vulnerability affects unknown code of the file /AppResource/UEditor/server/upload.aspx. The manipulation of the argument file leads to unrestricted upload. The exploit...

9.8CVSS6AI score0.00775EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/20 12:0 a.m.5 views

Chengdu Flash Flood Disaster Monitoring and Warning System 代码问题漏洞

Chengdu Flash Flood Disaster Monitoring and Warning System is a flash flood disaster monitoring and warning system in Chengdu. A code issue exists in Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0, the vulnerability stems from an unknown function in the file...

9.8CVSS6.4AI score0.00832EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/05/25 12:0 a.m.4 views

PHPOK 代码问题漏洞

PHPOK is an enterprise building system that supports expansion. PHPOK version 6.4.100 suffers from an arbitrary file upload vulnerability, which stems from admin.php?c=upload&f=zip&noCache=0.1683794968 lack of valid validation of the uploaded file. An attacker can exploit this vulnerability to...

8.8CVSS7.5AI score0.00694EPSS
Exploits1References4
0day.today
0day.today
added 2023/04/03 12:0 a.m.247 views

MyBB 1.8.32 - Remote Code Execution (Authenticated) Exploit

Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated Exploit Author: lUc1f3r11 https://github.com/FDlucifer Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 Version: MyBB 1.8.32 Tested on: Linux CVE : N/A Detailed...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/03 12:0 a.m.363 views

MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated Date: 2023-01-19 Exploit Author: lUc1f3r11 https://github.com/FDlucifer Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 Version: MyBB 1.8.32 Tested on: Linux CVE :...

7.4AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:41 a.m.5 views

SUSE CVE-2021-32557

It was discovered that the processreport function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks...

7.1CVSS7.2AI score0.0039EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.5 views

Online Food Ordering System 代码问题漏洞

Online Food Ordering System is an online food ordering system by Carlo Montero, an individual developer. A security vulnerability exists in Online Food Ordering System version v2.0, which originates from an arbitrary file upload vulnerability in the component /fos/admin/ajax.php, which can be...

9.8CVSS8.9AI score0.01071EPSS
Exploits1References2
Rows per page
Query Builder