Lucene search
+L

430 matches found

Cvelist
Cvelist
added 2019/07/19 2:17 p.m.21 views

CVE-2019-13984

Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File...

8.8AI score0.01608EPSS
Exploits1References2
NVD
NVD
added 2019/05/13 1:29 p.m.24 views

CVE-2018-12299

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names...

5.4CVSS5.6AI score0.00649EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/05/13 12:35 p.m.25 views

CVE-2018-12299

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names...

5.6AI score0.00649EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2019/04/26 11:20 a.m.1 views

Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called "Plugin Vulnerabilities "—that recently gone...

7.6AI score
Exploits0
OpenVAS
OpenVAS
added 2019/03/10 12:0 a.m.106 views

Debian: Security Advisory (DLA-1707-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.8AI score0.58061EPSS
Exploits0References10
CNVD
CNVD
added 2019/03/08 12:0 a.m.3 views

Bolt Arbitrary PHP Code Execution Vulnerability

Bolt is a simple CMS written in PHP. An arbitrary PHP code execution vulnerability exists in Controller/Async/FilesystemManager.php in filemanager in versions prior to Bolt 3.6.5. A remote attacker can execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension...

8.8CVSS9.1AI score0.02661EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/02/07 12:0 a.m.8 views

The vulnerability of the License Manager Service, a system for automating the management of technological processes at Yokogawa companies, allows a perpetrator to execute arbitrary code.

The vulnerability of the License Manager Service, a system for automating the management of technological processes at Yokogawa, is related to errors in the checking of uploaded files. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted...

8.1CVSS8.2AI score0.05405EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2019/02/01 12:0 a.m.13 views

Meta Box < 4.16.2 - Mishandled Uploaded Files

The Meta Box – WordPress Custom Fields Framework WordPress plugin was affected by a Mishandled Uploaded Files security vulnerability...

5CVSS2AI score0.01415EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2018/11/27 12:0 a.m.17 views

Woo Confirmation Email < 3.2.0 - Missing Access Controls to View Uploaded files

The User Email Verification for WooCommerce WordPress plugin was affected by a Missing Access Controls to View Uploaded files security vulnerability...

7.5CVSS3AI score0.01952EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2018/11/06 12:0 a.m.5 views

IBM Robotic Process Automation with Automation Anywhere Remote Code Execution Vulnerability

IBM Robotic Process Automation with Automation Anywhere is a process automation solution developed by IBM USA and Automation Anywhere. A remote code execution vulnerability exists in IBM Robotic Process Automation with Automation Anywhere versions 10.0 and 11.0, which stems from the program not...

9.3CVSS8AI score0.02908EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/10/11 12:0 a.m.10 views

The vulnerability of the Cisco IOS XE operating system’s image file verification function arises from errors during the verification of the digital signatures of files uploaded to the device. This vulnerability allows attackers to install malicious software onto vulnerable devices.

The vulnerability of the Cisco IOS XE operating system’s image file verification function arises due to errors in verifying the digital signatures of the files uploaded to the device. Exploiting this vulnerability allows a malicious actor to install malware on vulnerable devices...

6.7CVSS5.5AI score0.00236EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2018/07/18 2:29 p.m.24 views

CVE-2017-18103

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml...

4.7CVSS4.7AI score0.00826EPSS
Exploits0References1
Prion
Prion
added 2018/07/18 2:29 p.m.18 views

Code injection

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml...

4.3CVSS4.7AI score0.00826EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/07/18 2:0 p.m.21 views

CVE-2017-18103

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml...

4.6AI score0.00826EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/11 12:0 a.m.5 views

Apache Solr XML External Entity Multiple Information Disclosure Vulnerability

Apache Solr is a U.S. Apache Apache Software Foundation based on Lucene a full-text search engine architecture of the search server , which supports level search , vertical search , highlighting search results , a variety of output formats and so on. An XML External Entity Multiple Information...

5.5CVSS5.2AI score0.09025EPSS
Exploits1References1
NVD
NVD
added 2018/06/26 2:29 p.m.12 views

CVE-2018-0573

baserCMS baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References2
Prion
Prion
added 2018/06/26 2:29 p.m.18 views

Authentication flaw

baserCMS baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors...

5CVSS5.4AI score0.01181EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/05/22 12:0 a.m.8 views

BaserCMS Privilege Access Control Vulnerability

baserCMS is an enterprise-level content management system CMS. A privilege access control vulnerability exists in baserCMS versions 4.1.0.1 and earlier and 3.0.15 and earlier, which stems from the program failing to restrict access. The vulnerability can be exploited by a remote attacker to bypas...

5.3CVSS5.7AI score0.01181EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/16 12:0 a.m.5 views

Tenable Nessus Cross-Site Scripting Vulnerability (CNVD-2018-10667)

Tenable Network Security Nessus is a highly scalable open source vulnerability scanner from Tenable Network Security, USA. A cross-site scripting vulnerability exists in Tenable Network Security Nessus versions prior to 7.1.0, which stems from the program failing to properly perform input...

5.4CVSS6.8AI score0.01148EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/05/10 12:0 a.m.44 views

openSUSE Security Update : apache2 (openSUSE-2018-438)

This update for apache2 fixes the following issues : - CVE-2018-1283: when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a 'Session' header leading to unexpected behavior bsc1086814. -...

9.8CVSS6.5AI score0.86006EPSS
Exploits0References13
Rows per page
Query Builder