20 matches found
CVE-2022-35569
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file...
EUVD-2019-3918
Malware in sbrugna...
EUVD-2022-38455
Malicious code in bioql PyPI...
CVE-2019-12277
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname...
CVE-2022-35569
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file...
CVE-2022-35569
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file...
CVE-2022-35569
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file...
Design/Logic Flaw
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file...
CVE-2022-35569
Blogifier v3.0 contains an arbitrary file upload vulnerability at /api/storage/upload/PostImage that can allow attackers to execute arbitrary web scripts or HTML via a crafted file. The issue is documented across multiple sources (e.g., NVD and Red Hat CVE pages) with the root cause being an unse...
CVE-2022-35569
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file...
Blogifier cross-site scripting vulnerability
Blogifier is a lightweight open source blogging system written in ASP.NET Core. A security vulnerability exists in Blogifier version 3.0, which originates from a file upload vulnerability in the /api/storage/upload/PostImage page. An attacker can exploit this vulnerability to execute arbitrary we...
GHSA-QCX4-GFH8-W5P5 Blogifier does not properly restrict APIs
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname. The issue is patched in the 2.4 branch, but 2.5.5 is the lowest available patched version on https://www.nuget.org/packages/Blogifier.Core...
Blogifier does not properly restrict APIs
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname. The issue is patched in the 2.4 branch, but 2.5.5 is the lowest available patched version on https://www.nuget.org/packages/Blogifier.Core...
Unrestricted API
Blogifier uses an unrestricted API. A lack of validation in the pathname allows an unauthenticated remote attacker to gain access to the unprotected API and perform unauthorized actions...
CVE-2019-12277
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname...
CVE-2019-12277
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname...
Design/Logic Flaw
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname...
CVE-2019-12277
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, due to missing checks for .. in a pathname. This creates an unrestricted API exposure that could allow an unauthenticated remote attacker to perform unauthorized actions via the API. The issue is patched in the 2.4 branch, with 2.5....
CVE-2019-12277
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname...
Blogifier design flaws
Blogifier is a lightweight open source blog system written using ASP.NET Core. Blogifier 2.3 prior to 2019-05-11 fails to restrict the API properly, as shown by the lack of a check in the pathname for... The check shown in the...