210 matches found
Checkmk 安全漏洞
Checkmk is an editor. A security vulnerability exists in Checkmk that stems from an improperly restricted path for local uploads and downloads in the function checksftp, which allows an attacker to read and write to local files on the Checkmk site server. Affected Products and Versions:Checkmk...
Arbitrary File Write Vulnerability in Spring Cloud Data Flow
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...
PT-2024-27516 · Unknown · Cym1102 Nginxwebui
Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions up to 3.9.9 Description: A critical vulnerability was found in the cym1102 nginxWebUI, affecting unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection...
PsiTransfer: Violation of the integrity of file distribution
Summary The absence of restrictions on the endpoint, which allows you to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. Details Vulnerable endpoint: POST /files PoC 1. Create a file distribution. 2. Go to the link address ...
Grav File Upload Path Traversal
Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerabiltiy can allow attackers to inject arbitrary code on the server, undermine integrity of backup files...
PT-2024-20854 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus version 4.3.0-RC1 Description: The issue is related to an arbitrary file upload vulnerability in the component /sysFile/upload. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...
PT-2024-20226 · Jsherp · Jsherp
Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue concerns an Arbitrary File Upload vulnerability. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulti...
CVE-2024-24000
jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths...
CVE-2024-22895
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/moduleupload.php...
RRJ Nueva Ecija Engineer Online Portal Security Vulnerability
RRJ Nueva Ecija Engineer Online Portal is an online portal for engineers from RRJ Nueva Ecija. A security vulnerability exists in RRJ Nueva Ecija Engineer Online Portal version 1.0, which originates in the file /admin/uploads/ can lead to the exposure of file and directory information...
Arbitrary File Upload
dilab/resumable.php is vulnerable to Arbitrary File Upload. The vulnerability arises due to a lack of file upload path validation within Resumable.php. An attacker can arbitrarily upload any non existing file on the filesystem...
resumable.php security vulnerability
resumable.php is the PHP backend for resumable.js. A security vulnerability exists in versions of resumable.php prior to 3c6dbf5, which stems from a vulnerability that allows arbitrary files to be uploaded to any location on the filesystem via multipart/form-data...
CVE-2023-39115
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document...
CVE-2023-3798
A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 and classified as critical. This vulnerability affects unknown code of the file /AppResource/UEditor/server/upload.aspx. The manipulation of the argument file leads to unrestricted upload. The exploit...
Chengdu Flash Flood Disaster Monitoring and Warning System 代码问题漏洞
Chengdu Flash Flood Disaster Monitoring and Warning System is a flash flood disaster monitoring and warning system in Chengdu. A code issue exists in Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0, the vulnerability stems from an unknown function in the file...
PHPOK 代码问题漏洞
PHPOK is an enterprise building system that supports expansion. PHPOK version 6.4.100 suffers from an arbitrary file upload vulnerability, which stems from admin.php?c=upload&f=zip&noCache=0.1683794968 lack of valid validation of the uploaded file. An attacker can exploit this vulnerability to...
MyBB 1.8.32 - Remote Code Execution (Authenticated) Exploit
Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated Exploit Author: lUc1f3r11 https://github.com/FDlucifer Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 Version: MyBB 1.8.32 Tested on: Linux CVE : N/A Detailed...
MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated Date: 2023-01-19 Exploit Author: lUc1f3r11 https://github.com/FDlucifer Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 Version: MyBB 1.8.32 Tested on: Linux CVE :...
SUSE CVE-2021-32557
It was discovered that the processreport function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks...
Online Food Ordering System 代码问题漏洞
Online Food Ordering System is an online food ordering system by Carlo Montero, an individual developer. A security vulnerability exists in Online Food Ordering System version v2.0, which originates from an arbitrary file upload vulnerability in the component /fos/admin/ajax.php, which can be...