209 matches found
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
This affects the package unisharp/laravel-filemanager prior to version 2.6.2. The upload function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload...
GHSA-364W-9G92-3GRQ Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.
Withdrawn This advisory has been withdrawn after the maintainers of Laravel noted this issue is not a security vulnerability with Laravel itself, but rather a userland issue. Original CVE based description Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP...
Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.
Withdrawn This advisory has been withdrawn after the maintainers of Laravel noted this issue is not a security vulnerability with Laravel itself, but rather a userland issue. Original CVE based description Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP...
Input validation
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for...
OPENSUSE-SU-2021:1424-1 Security update for civetweb
This update for civetweb fixes the following issues: Version 1.15: boo1191938 / CVE-2020-27304: missing uploaded filepath validation in the default form-based file upload mechanism New configuration for URL decoding Sanitize filenames in handle form Example “embeddedc.c”: Do not overwrite files...
ZOHO ManageEngine ADManager Plus 代码问题漏洞
Zoho ManageEngine ADManager Plus is an easy-to-use Windows Active Directory management and reporting solution. A remote code execution vulnerability exists in Zoho ManageEngine ADManager Plus Build 7111, which stems from not properly validating file uploads in the PasswordExpiry interface and can...
ZOHO ManageEngine ADManager Plus 代码问题漏洞
Zoho ManageEngine ADManager Plus is an easy-to-use Windows Active Directory management and reporting solution. A remote code execution vulnerability exists in Zoho ManageEngine ADManager Plus Build 7111, which stems from not properly validating file uploads in the Personalization interface and ca...
CVE-2021-38484
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scriptin...
Tenable Network Security Nessus 代码问题漏洞
Tenable Network Security Nessus is an open source system vulnerability scanner from US-based Tenable Network Security. A code issue vulnerability exists in Nessus Agent, which stems from the program's insufficient validation of files during file uploads, allowing a remote administrator user to...
Gallery From Files <= 1.6.0 - Unauthenticated RCE
The upload feature of the plugin does not properly check for the allowed extensions, allowing them to be set in the request and attempting to remove the dangerous ones such as .php and .js, but forgetting about .php4, .html etc. As a result, unauthenticated users could upload arbitrary .php4 file...
PT-2020-13439 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10 GitLab versions prior to 13.2.8 GitLab versions prior to 13.3.4 Description: A vulnerability was discovered in GitLab where the Conan package upload functionality did not properly validate the supplied...
CVE-2020-15641
CVE-2020-15641 affects Marvell QConvergeConsole 5.5.0.64. The vulnerability is a directory traversal flaw in the getFileUploadBytes method of the FlashValidatorServiceImpl class, caused by insufficient validation of a user-supplied path before file operations. This allows remote attackers to disc...
CVE-2020-12255
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to...
Unrestricted File Upload
verot/class.upload.php allows unrestricted file upload. The lack of file extension validation on file uploads allow a remote attacker to upload malicious files ending with .phar. When browsing to the uploaded file, the server executes the code in the file in the context of the server...
CVE-2018-7217
In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an...
Authentication flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within uploadsavedo.jsp. The issue results from the lack of proper validation of a...
Advantech WebAccess Dashboard Viewer uploadImageCommon Arbitrary File Upload
This module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw...
rubygem-paperclip -- validation bypass vulnerability
Jon Yurek reports: Thanks to MORI Shingo of DeNA Co., Ltd. for reporting this. There is an issue where if an HTML file is uploaded with a .html extension, but the content type is listed as being image/jpeg, this will bypass a validation checking for images. But it will also pass the spoof check,...
HP ArcSight Logger < 6.0P1 Multiple Vulnerabilities
According to its self-reported version number, the version of HP ArcSight Logger installed on the remote host is prior to 6.0P1. It is, therefore, affected by the following vulnerabilities : - An XXE injection vulnerability exists due to the improper verification of sources. An authenticated,...
php云人才系统 小漏洞一步步getshell(后台)
简要描述: php云人才系统 小漏洞一步步getshell,这里包含了php与mysql交互时候的特性(也算一个漏洞),还有phpyun自身图片的验证机制问题,等等,步骤比较艰辛,本来想在这里搞一个csrf呢,找了半天没有找到,到时找到一大堆xss,这里就不利用xss了,且看分析 详细说明: 首先我们做一个小测试: 对于mysql存储来说,建站者都会给每一个字段设置长度,然后当我们插入进去的数据长度超过了设置的长度,那么mysql是不会报错,然而会自然截断存储,这个就给我们编写程序的人留下了隐患。 利用场景分析...