30 matches found
EUVD-2020-11207
Malware in sbrugna...
EUVD-2021-31709
Malicious code in bioql PyPI...
EUVD-2022-33432
Malicious code in bioql PyPI...
CVE-2024-24059
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...
CVE-2022-29001
In SpringBootMovie =1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability...
Design/Logic Flaw
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...
CVE-2024-24059
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...
CVE-2023-37658
fast-poster v2.15.0 is vulnerable to Cross Site Scripting XSS. File upload check binary of img, but without strictly check file suffix at /server/fast.py - ApiUploadHandler.post causes stored XSS...
Cross site scripting
fast-poster v2.15.0 is vulnerable to Cross Site Scripting XSS. File upload check binary of img, but without strictly check file suffix at /server/fast.py - ApiUploadHandler.post causes stored XSS...
fastposter 跨站脚本漏洞
fastposter is fastposter open source a rapid development of posters. fastposter v2.15.0 version has a security vulnerability , the vulnerability stems from the file upload check does not strictly check the file suffix , vulnerable to stored cross-site scripting XSS attacks...
CVE-2021-44912
In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is...
Unrestricted file upload
XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restrict...
Cross site scripting
In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is...
Cross site scripting in kindeditor
Cross SIte Scripting XSS vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor the file suffix is allowed...
CVE-2021-42227
CVE-2021-42227 describes a cross‑site scripting (XSS) vulnerability in KindEditor 4.1.x . The weakness is triggered via the editor’s upload flow, specifically related to the file handling in the upload context (e.g., an upload_json.php path) and exposure through a Google search result pointing to...
Unrestricted file upload
A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by...
Pixie CMS 1.04 arbitrary file upload
Pixie CMS 1.04 background the presence of arbitrary file upload vulnerability Vulnerability analysis: In Publish File Manager module you can upload any file View Code /admin/admin/modules/modfilemanager.php $multiupload-extensions = array '. png', '. jpg', '. gif', '. zip', '. mp3', '. pdf', '...
DEBIAN-CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
ALPINE-CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...