864 matches found
CVE-2021-26293
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...
Directory traversal
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...
Remote code execution
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an...
CVE-2020-26285 Widget instances allows a hacker to inject an executable file on the server on OpenMage
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an...
CVE-2020-26252
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server...
CVE-2020-26252
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server...
Remote code execution
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server...
CVE-2020-35112
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...
Design/Logic Flaw
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...
CVE-2020-35112
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...
DLL Hijacking Vulnerability in Cyberdocument Windows Client
Xunfei Document is an online document software that supports multiple people and multiple ends to edit at the same time, produced by KDDI. Xunfei Document windows client DLL hijacking vulnerability, an attacker can use the vulnerability in the client process to inject executable DLL file, to...
Command Execution Vulnerability in Huaan Securities Options Bowl
Huaan Securities Options Bao is an individual stock options online trading Qianlong version of the client is a set of individual stock options quotes, strategies, trading in one of the professional terminal. Huaan Securities Options Treasure suffers from a command execution vulnerability, which c...
Command Execution Vulnerability in Kingdee Wisdom Store Edition Client Software
Developed by YouShang.com, an e-commerce service website under Kingdee International Software Group HK Code: 268, WisdomJournal is China's first free management software tailored for individual merchants to manage their sales and inventories, with the core value of "accurate quotes and clear...
Command Execution Vulnerability in Xiaozhi Desktop
Smart Desktop is a desktop organizer that improves office efficiency. Xiaozhi Desktop suffers from a command execution vulnerability, which can be exploited by an attacker to inject an executable DLL file into a client process to perform arbitrary functions...
Command Execution Vulnerability in SourceWise Editor Client Software
SourceWise Editor is a brand new hardware programming client that is the latest addition to Programming Cat. A command execution vulnerability exists in the Source Code Wise Editor client software, which can be exploited by an attacker to inject an executable DLL file into the client process to...
CVE-2020-25406
app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files...
Lemocms Code Issues Vulnerabilities
Lemocms is a backend administration site builder developed by Lemocms Community based on ThinkPhp. A security vulnerability exists in lemocms version 1.8.x. The vulnerability stems from allowing users to upload files to upload executable files in appadmincontrollersysUploads.php...
CVE-2020-4588
IBM i2 iBase 8.9.13 is vulnerable to unrestricted file upload, allowing uploaded executables to be run, potentially causing code execution on a victim. IBM’s Security Bulletin confirms the fix in iBase 9 and advises upgrading to a version that includes the fix. Affected product/version: IBM i2 iB...
CVE-2020-24807
The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported...
CVE-2020-24807
The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported...