CVE-2022-27349

Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-27346

Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-27064

CVE-2022-27064 : In Musical World v1, an arbitrary file upload vulnerability in uploaded_songs.php allows remote code execution via a crafted PHP file. Public PoCs show uploading a shell to /songs/uploaded_songs/shell.php due to missing file validation. Connected advisories (Red Hat RH:CVE-2022-2...

CVE-2022-26627

Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file...

Design/Logic Flaw

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...

CVE-2022-20754 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...

CVE-2021-26112

CVE-2021-26112 identifies multiple stack-based buffer overflow vulnerabilities in Fortinet FortiWAN before version 4.5.9, affecting both network daemons and the command line interpreter. The underlying issue is a buffer overflow (CWE-121) that may allow an unauthenticated attacker to corrupt memo...

CVE-2022-28062

Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code...

CVE-2022-27963

Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file...

Fuji Electric Alpha5

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Alpha5 Vulnerabilities: Access of Uninitialized Pointer, Out-of-bound Read, Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...

DrayTek Vigor Format String Vulnerability

DrayTek Vigor is a router. a format string vulnerability exists in DrayTek Vigor, which can be exploited by remote attackers to execute arbitrary code via specially crafted HTTP messages containing malformed query strings...

Ubuntu: Security Advisory (USN-5342-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Adobe Acrobat DC (Continuous) Security Update (APSB21-29) - Windows

Adobe Acrobat DC Continuous Track is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVE-2021-43097

The provided connected documents indicate CVE-2021-43097 affects the bbs 5.3 web application, specifically a Server-side Template Injection (SSTI) in TemplateManageAction.java that could allow a malicious user to execute arbitrary code. This establishes the component/file and the underlying vulne...

CVE-2022-23880

An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file...

Snapt Aria Cross-Site Request Forgery Vulnerability

Snapt Aria is an enterprise ADC solution from Snapt USA that provides a load balancer, web gas pedal, web application firewall WAF, global server load balancer GSLB, etc. A cross-site request forgery vulnerability exists in Snapt Aria version 12.8, which stems from a WEB application that does not...

CVE-2020-26007

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2020-26008

The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2020-26007

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

ROS-20220317-01

Apache HTTP Server web server vulnerability is related to a bounds error in LimitXMLRequestBody. Exploitation vulnerability could allow an attacker acting remotely to cause memory corruption and execute arbitrary code on the target system Apache HTTP Server web server vulnerability is related to...