9 matches found

RedhatCVE
added 2025/05/23 3:16 a.m., 2 views

CVE-2023-27084

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter...

5.3 CVSS, 6.2 AI score, 0.00035 EPSS
Exploits: 1, References: 1

NVD
added 2024/08/22 1:15 a.m., 12 views

CVE-2024-43033

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for...

8.8 CVSS, 0.01499 EPSS
Exploits: 1, References: 3

CVE
added 2024/08/22 12:0 a.m., 44 views

CVE-2024-43033

CVE-2024-43033 affects JPress up to version 5.1.1 on Windows, with an arbitrary file upload vulnerability that can lead to remote code execution via ::$DATA to AttachmentController#upload (e.g., a .jsp::$DATA file). This is a separate issue from CVE-2024-32358. The CVSS v3.1 base score is 8.8 (HI...

8.8 CVSS, 7.9 AI score, 0.01499 EPSS
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2024/08/22 12:0 a.m., 13 views

CVE-2024-43033

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for...

8 AI score, 0.01499 EPSS
Exploits: 1, References: 3

Prion
added 2023/03/16 2:15 a.m., 10 views

Design/Logic Flaw

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter...

2.4 CVSS, 5 AI score, 0.00035 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2023/03/16 12:0 a.m., 14 views

CVE-2023-27084

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter...

5.2 AI score, 0.00035 EPSS
Exploits: 1, References: 2

CVE
added 2023/03/16 12:0 a.m., 70 views

CVE-2023-27084

CVE-2023-27084 concerns a permissions issue in isoftforce Dreamer CMS v4.0.1 that lets a local attacker access sensitive data via the AttachmentController parameter. The vulnerability is described as a local-attack, high confidentiality impact with medium overall CVSS (5.3) and no user interactio...

5.3 CVSS, 4.9 AI score, 0.00035 EPSS
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2023/03/16 12:0 a.m., 2 views

Dreamer CMS security vulnerability

Dreamer CMS is a dreamer content management system by the individual developer Junnan Wang in China. A security vulnerability exists in isoftforce Dreamer CMS version v.4.0.1, which stems from a privilege vulnerability that can be exploited by a local attacker to gain access to sensitive...

5.3 CVSS, 5.7 AI score, 0.00035 EPSS
Exploits: 1, References: 3

seebug.org
added 2016/10/09 12:0 a.m., 69 views

FineCMS AttachmentController arbitrary file upload vulnerability

Source link: http://www.hackersb.cn/shenji/170.html. The issue is again in AttachmentController, but this time it is not as simple as uploading a file through kindeditorupload and then including it; instead, a script is uploaded and executed directly. This time the problem is in the ajaxswfuploadAction method, the method code is...

7 AI score
Exploits: 0