CVE-2025-13516
The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's savefile function in inc/emails/handler/uploads.php which duplicates all email attachments to a web-accessibl...
PRIMX ZONECENTRAL security vulnerability
PRIMX ZONECENTRAL is an application from PRIMX, Inc. that uses encryption to provide confidentiality services that apply to all documents in an organization. A security vulnerability exists in PRIMX ZONECENTRAL version 2024.3 and earlier and Q.2021.2 and earlier, which stems from the fact that a...
CVE-2024-27115
CVE-2024-27115 corresponds to an authenticated RCE in SOPlanning via PHP file upload. The nuclei template specifies exploitation of SOPlanning 1.52.01 through authenticated file upload, enabling an attacker to upload and execute PHP code. Remediation is to upgrade to a version newer than 1.52.01,...
The vulnerability of the conf_id parameter in the TrueConf Server software lies in the possibility of bypassing the path in the script /client/upsld/v1. This allows a perpetrator to execute arbitrary code by writing a specially crafted PHP file into a folder accessible through the web interface.
The vulnerability of the confid parameter in the TrueConf Server software relates to the possibility of bypassing the path in the script /client/upsld/v1. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by writing a specially crafted PHP file to a folder accessibl...
Insecure Session Management
github.com/astaxie/beego uses insecure session management. The excessive permissions configured on session files allow a local attacker to manipulate and modify session files before the application creates them in the world-accessible folder...