430 matches found
CVE-2019-13984
Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File...
CVE-2018-12299
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names...
CVE-2018-12299
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names...
Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called "Plugin Vulnerabilities "—that recently gone...
Debian: Security Advisory (DLA-1707-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Bolt Arbitrary PHP Code Execution Vulnerability
Bolt is a simple CMS written in PHP. An arbitrary PHP code execution vulnerability exists in Controller/Async/FilesystemManager.php in filemanager in versions prior to Bolt 3.6.5. A remote attacker can execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension...
The vulnerability of the License Manager Service, a system for automating the management of technological processes at Yokogawa companies, allows a perpetrator to execute arbitrary code.
The vulnerability of the License Manager Service, a system for automating the management of technological processes at Yokogawa, is related to errors in the checking of uploaded files. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted...
Meta Box < 4.16.2 - Mishandled Uploaded Files
The Meta Box – WordPress Custom Fields Framework WordPress plugin was affected by a Mishandled Uploaded Files security vulnerability...
Woo Confirmation Email < 3.2.0 - Missing Access Controls to View Uploaded files
The User Email Verification for WooCommerce WordPress plugin was affected by a Missing Access Controls to View Uploaded files security vulnerability...
IBM Robotic Process Automation with Automation Anywhere Remote Code Execution Vulnerability
IBM Robotic Process Automation with Automation Anywhere is a process automation solution developed by IBM USA and Automation Anywhere. A remote code execution vulnerability exists in IBM Robotic Process Automation with Automation Anywhere versions 10.0 and 11.0, which stems from the program not...
The vulnerability of the Cisco IOS XE operating system’s image file verification function arises from errors during the verification of the digital signatures of files uploaded to the device. This vulnerability allows attackers to install malicious software onto vulnerable devices.
The vulnerability of the Cisco IOS XE operating system’s image file verification function arises due to errors in verifying the digital signatures of the files uploaded to the device. Exploiting this vulnerability allows a malicious actor to install malware on vulnerable devices...
CVE-2017-18103
The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml...
Code injection
The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml...
CVE-2017-18103
The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml...
Apache Solr XML External Entity Multiple Information Disclosure Vulnerability
Apache Solr is a U.S. Apache Apache Software Foundation based on Lucene a full-text search engine architecture of the search server , which supports level search , vertical search , highlighting search results , a variety of output formats and so on. An XML External Entity Multiple Information...
CVE-2018-0573
baserCMS baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors...
Authentication flaw
baserCMS baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors...
BaserCMS Privilege Access Control Vulnerability
baserCMS is an enterprise-level content management system CMS. A privilege access control vulnerability exists in baserCMS versions 4.1.0.1 and earlier and 3.0.15 and earlier, which stems from the program failing to restrict access. The vulnerability can be exploited by a remote attacker to bypas...
Tenable Nessus Cross-Site Scripting Vulnerability (CNVD-2018-10667)
Tenable Network Security Nessus is a highly scalable open source vulnerability scanner from Tenable Network Security, USA. A cross-site scripting vulnerability exists in Tenable Network Security Nessus versions prior to 7.1.0, which stems from the program failing to properly perform input...
openSUSE Security Update : apache2 (openSUSE-2018-438)
This update for apache2 fixes the following issues : - CVE-2018-1283: when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a 'Session' header leading to unexpected behavior bsc1086814. -...