Lucene search
K

181 matches found

Positive Technologies
Positive Technologies
added 2023/05/27 12:0 a.m.5 views

PT-2023-22225 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 11.6 Description: A problematic issue affects the Picture Upload Handler component, specifically the file member.php, where the manipulation of the oldpic argument leads to denial of service. The attack can be initiated remotel...

6.5CVSS7AI score0.0087EPSS
Exploits1References6
OSV
OSV
added 2023/05/11 8:15 a.m.7 views

CVE-2023-2647

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utilityall.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

8.8CVSS6.3AI score0.07008EPSS
Exploits1References3
NVD
NVD
added 2023/05/11 8:15 a.m.20 views

CVE-2023-2647

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utilityall.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

8.8CVSS7.3AI score0.07008EPSS
Exploits1References3
Prion
Prion
added 2023/05/11 8:15 a.m.20 views

Command injection

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utilityall.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

6.5CVSS8.9AI score0.07008EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/05/11 7:31 a.m.171 views

CVE-2023-2647

Weaver E-Office 9.5 is affected by a command-injection vulnerability in the File Upload Handler, specifically the /webroot/inc/utility_all.php file. The issue allows remote exploitation and has been publicly disclosed. Multiple connected sources consistently identify the vulnerable component as t...

8.8CVSS7.8AI score0.07008EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/11 12:0 a.m.12 views

PT-2023-20660 · Unknown · Weaver E-Office

Name of the Vulnerable Software and Affected Versions: Weaver E-Office version 9.5 Description: A critical issue was found in the File Upload Handler component, specifically in the /webroot/inc/utility all.php file, which leads to command injection. This issue can be exploited remotely. The vendo...

8.8CVSS6.9AI score0.07008EPSS
Exploits1References5
Veracode
Veracode
added 2023/04/10 4:35 a.m.22 views

Path Traversal

github.com/sjqzhang/go-fastdfs is vulnerable to Path Traversal. The vulnerability exists because the Upload function of fileserver.go does not properly check custom paths, which allows an attacker to access files outside the expected directory through the /group1/upload in the File Upload Handler...

9.8CVSS8.8AI score0.03524EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/04/02 12:30 p.m.15 views

GHSA-XQ3X-GRRJ-FJ6X sjqzhang go-fastdfs vulnerable to path traversal

sjqzhang go-fastdfs up to 1.4.3 is vulnerable to path traversal in the function upload of the file /group1/upload of the component File Upload Handler. The attack may be launched remotely and the exploit has been disclosed to the public and may be used...

9.8CVSS8.4AI score0.03524EPSS
Exploits1References7
NVD
NVD
added 2023/04/02 11:15 a.m.16 views

CVE-2023-1800

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched...

9.8CVSS7.8AI score0.03524EPSS
Exploits1References3
OSV
OSV
added 2023/04/02 11:15 a.m.14 views

CVE-2023-1800

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched...

9.8CVSS9.8AI score
Exploits0References3
Prion
Prion
added 2023/04/02 11:15 a.m.15 views

Path traversal

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched...

7.5CVSS9.5AI score0.03524EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/04/02 10:31 a.m.37 views

CVE-2023-1800 sjqzhang go-fastdfs File Upload uploa upload path traversal

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched...

7.5CVSS9.8AI score0.03524EPSS
Exploits1References3
OSV
OSV
added 2023/03/30 11:15 p.m.22 views

CVE-2023-1746

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to...

5.4CVSS6.5AI score0.00604EPSS
Exploits1References3
Prion
Prion
added 2023/03/30 11:15 p.m.22 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to...

4CVSS5.3AI score0.00604EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/03/30 11:0 p.m.29 views

CVE-2023-1746 Dreamer CMS File Upload cross site scripting

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to...

4CVSS5.5AI score0.00604EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/30 12:0 a.m.6 views

Dreamer CMS 跨站脚本漏洞

Dreamer CMS is a dreamer content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS 3.5.0 and earlier versions, which stems from a problem with the component File Upload Handler that can lead to cross-site scripting...

5.4CVSS4.3AI score0.00604EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/03/30 12:0 a.m.5 views

PT-2023-17211 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS versions up to 3.5.0 Description: A problematic issue was found in the File Upload Handler component, leading to cross site scripting. The manipulation can be launched remotely, affecting an unknown function. Recommendations: For...

5.4CVSS6.3AI score0.00604EPSS
Exploits1References7
Snyk
Snyk
added 2022/12/08 11:30 p.m.2 views

Cross-site Scripting (XSS)

Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user-input sanitization in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occu...

6.1CVSS5.3AI score0.00939EPSS
Exploits0References2
OSV
OSV
added 2022/12/08 11:30 p.m.29 views

GHSA-GG8R-XJWQ-4W92 Cross-site scripting vulnerability in TinyMCE alerts

Impact A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which presents these dialogs when certain...

5.4CVSS5.9AI score0.00939EPSS
Exploits0References8
Cvelist
Cvelist
added 2022/12/08 9:29 p.m.34 views

CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts

tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...

5.4CVSS6.4AI score0.00939EPSS
Exploits0References6
Rows per page
Query Builder