
620 matches found

Positive Technologies
added 2022/03/28 12:0 a.m. · 4 views

PT-2022-2512 · Dotcms · Dotcms

Name of the Vulnerable Software and Affected Versions: dotCMS versions 3.0 through 22.02
Description: An issue was discovered in the ContentResource API, allowing attackers to craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal,...

CVSS 10 · AI score 8 · EPSS 0.91501
Exploits 4 · References 25
BDU FSTEC
added 2022/03/18 12:0 a.m. · 3 views

The vulnerability of the WinVerifyTrust function in the Windows operating system, allowing a hacker to execute arbitrary code

The vulnerability of the WinVerifyTrust function in the Windows operating system is related to improper validation of PE files during the verification of Authenticode signatures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created signed PE...

CVSS 7.6 · AI score 7.8 · EPSS 0.44647
Exploits 1 · References 4
NVD
added 2022/03/17 9:15 p.m. · 20 views

CVE-2021-45040

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...

CVSS 10 · EPSS 0.03106
Exploits 3 · References 2
Prion
added 2022/03/17 9:15 p.m. · 15 views

Design/Logic Flaw

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...

CVSS 10 · AI score 9.4 · EPSS 0.03106
Exploits 3 · References 2 · Affected Software 1
Cvelist
added 2022/03/17 8:22 p.m. · 27 views

CVE-2021-45040

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...

AI score 9.7 · EPSS 0.03106
Exploits 3 · References 2
CVE
added 2022/03/17 8:22 p.m. · 96 views

CVE-2021-45040

CVE-2021-45040 affects Spatie Laravel Media Library Pro (versions up to 1.17.10 and 2.x up to 2.1.6) and allows remote attackers to upload executable files via the uploads route. Multiple connected sources corroborate an Arbitrary File Upload vulnerability that can be exploited unauthenticated, e...

CVSS 10 · AI score 9.4 · EPSS 0.03106
Exploits 3 · References 2 · Affected Software 1
0day.today
added 2022/03/16 12:0 a.m. · 424 views

Laravel Media Library Pro 2.1.6 Shell Upload Vulnerability

Exploit Title: Laravel Media Library Pro Vendor Homepage: https://spatie.be/ Software Link: https://spatie.be/products/media-library-pro Version: =1.17.10 & =2.1.6 Tested on: Laradock PHP 8.0 inside Ubuntu 20.04 CVE : CVE-2021-45040 Description: The Spatie media-library-pro library through 1.17.1...

CVSS 10 · AI score 0.6 · EPSS 0.03106
Exploits 3
Packet Storm
added 2022/03/15 12:0 a.m. · 479 views

Laravel Media Library Pro 2.1.6 Shell Upload

Exploit Title: Laravel Media Library Pro Vendor Homepage: https://spatie.be/ Software Link: https://spatie.be/products/media-library-pro Version: =1.17.10 & =2.1.6 Tested on: Laradock PHP 8.0 inside Ubuntu 20.04 CVE : CVE-2021-45040 Description: The Spatie media-library-pro library through 1.17.1...

AI score 0.4 · EPSS 0.03106
Exploits 3
CNVD
added 2022/03/01 12:0 a.m. · 32 views

MODX Revolution code issue vulnerability

MODX Revolution is a PHP-based open source content management system (CMS) from the US company MODX. The system supports online collaboration, search engine optimization (SEO), etc. MODX Revolution has a code issue vulnerability that can be exploited by attackers to execute arbitrary code by uploadin...

CVSS 7.2 · AI score 5 · EPSS 0.09314
Exploits 4 · References 1
Positive Technologies
added 2022/02/26 12:0 a.m. · 3 views

PT-2022-17696 · Modx · Modx Revolution

Name of the Vulnerable Software and Affected Versions: MODX Revolution versions 2.8.3-pl and earlier
Description: The issue allows remote authenticated administrators to execute arbitrary code by uploading an executable file. This is possible because the Uploadable File Types setting can be chang...

CVSS 7.2 · AI score 7.1 · EPSS 0.09314
Exploits 4 · References 10
CNNVD
added 2022/02/26 12:0 a.m. · 4 views

MODX Revolution code issue vulnerability

MODX Revolution is a PHP-based open source content management system (CMS) from the US company MODX. The system supports online collaboration, search engine optimization (SEO), etc. MODX Revolution has a code issue vulnerability that can be exploited by attackers to execute arbitrary code by uploadin...

CVSS 7.2 · AI score 6.2 · EPSS 0.09314
Exploits 4 · References 8
Prion
added 2022/02/16 10:15 p.m. · 13 views

Design/Logic Flaw

Forms generated by JQueryForm.com before 2022-02-05 if file-upload capability is enabled allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content...

CVSS 6.8 · AI score 8.1 · EPSS 0.02499
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2021/12/21 12:0 a.m. · 16 views

SICK SOPAS ET path traversal vulnerability

Sick Sopas Et is an engineering tool from the German company Sick. Versions prior to SICK SOPAS ET 4.8.0 contain a path traversal vulnerability that could be exploited to manipulate the pathname of the emulator and use path traversal to run arbitrary executable files located on the host system...

CVSS 9.3 · AI score 3.3 · EPSS 0.00943
Exploits 0 · References 1
Cvelist
added 2021/12/08 9:21 p.m. · 23 views

CVE-2021-38510

The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 94, Thunderbird...

AI score 8.7 · EPSS 0.00999
Exploits 0 · References 4
BDU FSTEC
added 2021/11/18 12:0 a.m. · 2 views

The vulnerability of the R8000 router software allows a hacker to overwrite executable files.

The vulnerability of the R8000 router software is related to the possibility of executing arbitrary code in NETGEAR devices. Exploiting this vulnerability could allow a remote attacker to overwrite the executable files...

CVSS 9.3 · AI score 8 · EPSS 0.10852
Exploits 1 · References 6 · Affected Software 10
OpenVAS
added 2021/11/11 12:0 a.m. · 15 views

Mozilla Firefox Security Advisory (MFSA2013-83) - Linux

This host is missing a security update for Mozilla Firefox.

CVSS 6.2 · AI score 6.4 · EPSS 0.00335
Exploits 0 · References 3
CNNVD
added 2021/11/01 12:0 a.m. · 3 views

Tenable Network Security Nessus permissions, privileges, and access control issue vulnerability

Nessus is a system vulnerability scanning and analysis software. 8.15.2 and earlier versions of Nessus contain a local elevation of privilege vulnerability. An attacker could exploit this vulnerability to run specific executable files on the Nessus Agent host...

CVSS 6.7 · AI score 5.6 · EPSS 0.00298
Exploits 0 · References 4
BDU FSTEC
added 2021/10/27 12:0 a.m. · 1 views

The vulnerability of the zlib compression library in the “Avora” operating system allows a hacker to cause a service failure or have an unpredictable impact.

The vulnerability of the zlib compression library in the “Avora” operating system is related to integer overflows. Exploiting this vulnerability can allow attackers to cause service failures or have unpredictable effects using specially crafted .apk or .dex files...

CVSS 7.3 · AI score 5.5
Exploits 0 · Affected Software 2
NVD
added 2021/10/14 4:15 p.m. · 14 views

CVE-2021-38346

The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizycreateblockscreenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory...

CVSS 8.8 · EPSS 0.01682
Exploits 0 · References 1
Prion
added 2021/10/14 4:15 p.m. · 17 views

Directory traversal

The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizycreateblockscreenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory...

CVSS 6.5 · AI score 8.5 · EPSS 0.01682
Exploits 0 · References 1 · Affected Software 1