44 matches found
CVE-2019-10271
An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged user...
Voyager 1.1.3 Shell Upload
Exploit Title: Voyager 1.1.3 - Arbitrary File Upload Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Poc Video: https://youtu.be/5GnHbFqRP9M Vendor Homepage: https://laravelvoyager.com/ Software Link:...
Responsive File Manager 9.13.1 File Disclosure
Responsive Filemanager v 9.13.1 1 Author: Silton Santos ===== Table of Contents =================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgements References ===== Overview =================================== System affected : Responsive Filemanager...
CVE-2018-9848
In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the configuploadclass value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an...
CVE-2018-6580
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request...
Ruby on Rails vulnerable to code injection
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOADPATH variable, a different vulnerability than CVE-2006-4112...
CVE-2017-12629
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...
DEBIAN-CVE-2016-3088
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request...
WordPress Music Theme - Full Path Disclosure
Because of this vulnerability, the attackers can obtain sensitive information via an invalid upload request. Solution Update the theme...
WordPress Appius Theme - Full Path Disclosure
Because of this vulnerability, the attackers can obtain sensitive information via an invalid upload request. Solution Update the theme...
WordPress MoneyMasters Theme - Full Path Disclosure
Because of this vulnerability, the attackers can obtain sensitive information via an invalid upload request. Solution Update the theme...
WordPress One Page Website Theme - Full Path Disclosure
Because of this vulnerability, the attackers can obtain sensitive information via an invalid upload request. Solution Update the theme...
Design/Logic Flaw
WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message...
CVE-2012-5574
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request...
CVE-2012-5574
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request...
CVE-2012-0364
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495...
Design/Logic Flaw
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495...
CVE-2012-0364
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495...
Path traversal
The rfc1867posthandler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request...
CVE-2011-2202
CVE-2011-2202 details (from provided sources): In PHP before 5.3.7, rfc1867_post_handler in main/rfc1867.c does not properly restrict filenames in multipart/form-data POST requests, enabling remote attackers to perform absolute path traversal via a crafted upload and possibly create or overwrite ...