Lucene search
K

107 matches found

Citrix
Citrix
added 2020/11/09 12:0 a.m.7 views

Receiver for Chrome Configuration

Receiver for Chrome Configuration Created Date: December 19, 2014 Updated Date: December 19, 2014 Description This is a tool which can be opened in any browser preferably Google Chrome. This tool can create and edit google policy and .cr configuration files easily which can be used to configure...

6.9AI score
Exploits0
NVD
NVD
added 2020/01/02 9:15 p.m.26 views

CVE-2013-1420

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 id parameter to backup-edit.php; 2 title or 3 menu parameter to edit.php; or 4 path or 5 returnid parameter to filebrowser.php in admin/. NOTE: t...

6.1CVSS6.1AI score0.0106EPSS
Exploits5References3
OSV
OSV
added 2019/03/06 10:29 p.m.4 views

CVE-2019-9612

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/upload URI...

8.8CVSS6.1AI score0.02695EPSS
Exploits1References1
OSV
OSV
added 2018/12/19 7:29 p.m.3 views

CVE-2018-19508

CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI...

4.8CVSS5.8AI score0.00559EPSS
Exploits1References1
OSV
OSV
added 2018/11/29 6:29 p.m.3 views

CVE-2018-19692

An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type...

9.8CVSS6.1AI score0.01521EPSS
Exploits1References1
OSV
OSV
added 2018/11/21 9:29 p.m.34 views

CVE-2018-19421

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/securityfunctions.php...

3.8CVSS6.7AI score
Exploits0References1
CNVD
CNVD
added 2018/11/13 12:0 a.m.5 views

XiaoCms File Upload Vulnerability

XiaoCms is a lightweight content management system CMS based on PHP and MySQL and capable of running on Linux, Windows and other platforms. A security vulnerability exists in the admin\controller\uploadfile.php file in XiaoCms version 20141229. A remote attacker can exploit the vulnerability by...

9.8CVSS9.4AI score0.033EPSS
Exploits1References1
Prion
Prion
added 2018/09/03 3:29 p.m.19 views

Design/Logic Flaw

In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,...

4CVSS5.1AI score0.0104EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/04/07 9:29 p.m.13 views

Cross site request forgery (csrf)

In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the configuploadclass value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an...

7.5CVSS9.8AI score0.02236EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/04/07 9:29 p.m.19 views

CVE-2018-9848

In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the configuploadclass value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an...

9.8CVSS9.9AI score0.02236EPSS
Exploits1References1
OSV
OSV
added 2018/01/30 8:29 p.m.3 views

CVE-2018-6195

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows authenticated administrator, editor, or author remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...

7.2CVSS5.8AI score0.03716EPSS
Exploits2References4
OSV
OSV
added 2018/01/30 8:29 p.m.4 views

CVE-2018-6194

A cross-site scripting XSS vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php...

4.8CVSS5.8AI score0.01028EPSS
Exploits2References4
CNVD
CNVD
added 2018/01/29 12:0 a.m.5 views

WordPress Splashing Images Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . Splashing Images wp-splashing-images is used in one of the image selection plugin . A cross-site scripting...

4.8CVSS6AI score0.01028EPSS
Exploits2References1
CNVD
CNVD
added 2017/05/19 12:0 a.m.2 views

File upload vulnerability in BEESCMS admin/upload.php page

BEESCMS is a content management system. A file upload vulnerability exists in the BEESCMS admin/upload.php page, which allows attackers to exploit the vulnerability and upload a shell by modifying the filename suffix to php...

7AI score
Exploits0
seebug.org
seebug.org
added 2016/01/29 12:0 a.m.25 views

gzwyshop 时尚版 admin/upLoad_c.asp 文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
CNVD
CNVD
added 2015/04/23 12:0 a.m.4 views

SearchBlox Arbitrary File Upload Vulnerability

SearchBlox is the U.S. SearchBlox company a set of open source and free of charge based on Lucene full-text search engine toolkit to build enterprise search and analytics solutions. The program provides a Web-based management interface , you can manage the entire search system . An arbitrary file...

7.5CVSS7.6AI score0.02563EPSS
Exploits0References1
exploitpack
exploitpack
added 2010/01/21 12:0 a.m.15 views

eWebeditor - Directory Traversal

eWebeditor - Directory Traversal Application Info: Name: eWebeditor Version: all version Vulnerability Info: Type: Directory Traversal Risk: Medium Vulnerability: http://site.com/admin/ewebeditor/admin/upload.asp?id=16&dviewmode=&dir =./...

0.4AI score
Exploits0
myhack58
myhack58
added 2009/08/09 12:0 a.m.50 views

News website management system vulnerability-vulnerability warning-the black bar safety net

News website management system vulnerabilities author: xk8888888 This system has N of the Year Edition,General government, schools and enterprises with much more, Special permit: to display news NewsView. asp? NewsID= Login login. asp? id=3,The main special permit is available one has a EDIT the...

7.7AI score
Exploits0
seebug.org
seebug.org
added 2008/01/12 12:0 a.m.24 views

ewebeditor遍历路径漏洞

eWebEditor是一个所见即所得的在线编辑器。顾名思义,就是能在网络上使用所见即所得的编辑方式进行编辑图文并茂的文章、新闻、讨论贴、通告、记事等多种文字处理应用。 ewebeditor/adminuploadfile.asp 过滤不严,造成遍历路径漏洞 eWebEditor 暂无 http://www.ewebeditor.net/ ewebeditor/adminuploadfile.asp?id=14 在id=14后面添加&dir=.. 再加 &dir=../.. &dir=http://www..com/../.. 看到整个网站文件了...

7.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2008/01/08 2:46 a.m.2 views

CVE-2007-6668

admin/uploadgames.php in MySpace Content Zone MCZ 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading 1 a .php file and 2 a .php%00.jpeg file...

7.5CVSS5.5AI score0.06356EPSS
Exploits0References5
Rows per page
Query Builder