7 matches found
CVE-2020-36882 Flexsense DiskBoss Application Crash Denial of Service
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application...
Malicious Package Injection
DuckDB is vulnerable to malicious package injection. The vulnerability is due to unauthorized access and compromise of the npm package publishing process, which allowed an attacker to upload malicious versions of DuckDB’s Node.js packages containing code that interfered with cryptocurrency...
EUVD-2019-6315
Malware in sbrugna...
The vulnerability of the software for the Zoho ManageEngine ServiceDesk Plus IT support service lies in the lack of restrictions on file uploads, allowing attackers to upload any files they desire.
The vulnerability of the Zoho ManageEngine ServiceDesk Plus software lies in the lack of restrictions on the upload of files. Exploiting this vulnerability allows a malicious actor to upload any files using the login page settings...
File Upload Vulnerability in SentCMS Web Management System
SentCMS website management system is a simple and easy-to-use website management system created by Nanchang Tengshu Technology Co. A file upload vulnerability exists in SentCMS, which can be exploited by attackers to upload scripts and gain control of the web server...
jQuery Image Upload Vulnerability
jQuery is an open source, cross-browser JavaScript library developed by the American programmer John Resig. There is a security vulnerability in jQuery. Because jQuery's jqueryuploadcrop fails to restrict the format of uploaded images, an attacker can exploit this vulnerability to upload specifi...
CVE-2014-4872
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService...