PT-2025-5672 · Uniapi · Uniapi

Name of the Vulnerable Software and Affected Versions: uniapi version 1.0.7 Description: The issue concerns code introduced in a specific version of the software that executes upon import of the module. This code downloads a script from a remote URL and then executes the downloaded script in a...

CVE-2016-6342

elog 3.1.1 allows remote attackers to post data as any username in the logbook...

Directory traversal

Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. dot dot in a filename within a multipart/form-data POST request to a LiveTime.woa URL...

CVE-2012-2627

d4d/uploader.php in the web console in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request...

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-862-1)

Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dbareplace function. If a script passed untrusted input to the dbareplace function, an attacker could truncate the database. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and 8.10. CVE-2008-7068 It was...