PT-2024-26564 · Box-Im · Box-Im

Name of the Vulnerable Software and Affected Versions: Box-IM version 2.0 Description: The issue allows attackers to execute arbitrary code via uploading a crafted PDF file, exploiting an arbitrary file upload vulnerability in the Upload function. Recommendations: For Box-IM version 2.0, consider...

PT-2023-28210 · Ca · Arcserve Udp

Name of the Vulnerable Software and Affected Versions: Arcserve UDP versions prior to 9.2 Description: The issue allows an unauthenticated remote attacker to exploit a path traversal vulnerability in the com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload function to upload arbitrary...

PT-2023-32328 · Sourcecodester · Sourcecodester File Manager App

Name of the Vulnerable Software and Affected Versions: SourceCodester File Manager App version 1.0 Description: A critical vulnerability was found in the SourceCodester File Manager App, affecting an unknown functionality of the file endpoint "add-file.php". The manipulation of the uploadedFileNa...

PT-2022-8621 · Unknown · Zhimengzhe Ibarn

Name of the Vulnerable Software and Affected Versions: zhimengzhe iBarn version 1.5 Description: The issue allows remote attackers to run arbitrary code via avatar upload to "index.php". This is due to a file upload vulnerability in the upload function in action/Core.class.php. Recommendations: F...

PT-2022-16740 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: Flatpress version 1.2.1 Description: A cross-site scripting XSS issue was found in the Upload SVG File function. This could potentially allow attackers to inject malicious scripts into websites. Recommendations: For Flatpress version 1.2.1,...