5 matches found
CVE-2024-8378 Safe SVG < 2.2.6 - Author+ SVG Sanitisation Bypass
The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code is only running for paths that call wphandleupload, but not for example for code that uses wphandlesideload which is often used to upload attachments via raw POST data...
MachForm 4.2.3 - SQL Injection Path Traversal Upload Bypass
MachForm 4.2.3 - SQL Injection Path Traversal Upload Bypass Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin...
dirLIST 0.3.0 - Arbitrary File Upload
dirLIST 0.3.0 - Arbitrary File Upload + + Credits / Discovery: John Page + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DIRLIST-FILE-UPLOAD-BYPASS-CMD-EXEC.txt + ISR: Apparition + Vendor: =============== sourceforge.net Product: =============== dirList...
dirList 0.3.0 File Upload / Command Execution
Credits / Discovery: John Page + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DIRLIST-FILE-UPLOAD-BYPASS-CMD-EXEC.txt + ISR: Apparition + Vendor: =============== sourceforge.net Product: =============== dirList v0.3.0 Download: ===========...
dirLIST 0.3.0 - Arbitrary File Upload
Credits / Discovery: John Page + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DIRLIST-FILE-UPLOAD-BYPASS-CMD-EXEC.txt + ISR: Apparition + Vendor: =============== sourceforge.net Product: =============== dirList v0.3.0 Download: ===========...