425 matches found
Publify 跨站脚本漏洞
Publify is a simple but full-featured web publishing software. A security vulnerability exists in Publify versions v8.0 through v9.2.4, which can be exploited by attackers to inject malicious JavaScript via an uploaded html file...
CVE-2021-42671
An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in niamunozmonitoringsystem/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of...
Engineers Online Portal 访问控制错误漏洞
Sourcecodester Engineers Online Portal is an open source online portal. niamunozmonitoringsystem/admin/uploads of Sourcecodester Engineers Online Portal in PHP is vulnerable to An access control error vulnerability can be exploited to bypass access control and access all files uploaded to the web...
in jspark311/buriedunderthenoisefloor
Description Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. https://github.com/jspark311/BuriedUnderTheNoiseFloor/ is vulnerable to remo...
GHSA-GQCF-83RQ-GPFR Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
Dswjcms 代码问题漏洞
Dswjcms is for individuals and personal lending launched a free p2p open source project , based on Thinkphp architecture of the industry system , fully automated installation mode , quickly build a P2P website . Dswjcms 1.6.4 version of a security vulnerability , the vulnerability stems from...
spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
CVE-2021-39250
Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...
CVE-2021-39250
Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...
AikCms 代码问题漏洞
AikCms AikCms is a content management system CMS based on PHP and MySQL. A security vulnerability exists in AikCms version v2.0.0, which originates from uploaded files not validated in the background file management...
Nextcloud Input Validation Error Vulnerability (CNVD-2022-20701)
An input validation error vulnerability exists in Nextcloud Server, which stems from the fact that DownloadResponse does not do security checks on uploaded file names, and could be exploited to trick users into downloading malicious files with normal file name...
UBUNTU-CVE-2021-22118
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
PYSEC-2021-7
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names...
UBUNTU-CVE-2021-31542
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names...
PT-2021-4548
Name of the Vulnerable Software and Affected Versions Django versions 2.2 through 2.2.20 Django versions 3.1 through 3.1.8 Django versions 3.2 through 3.2.0 Description The issue is related to the lack of restrictions on file uploads in the Django web application platform, specifically in the...
CVE-2021-24224
The EFBPverifyuploadfile AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE...
Directory Traversal in Django
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...
CVE-2021-28658
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...
PYSEC-2021-6
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...