31 matches found
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons FileUpload ( CVE-2023-24998)
Summary A vulnerability in Apache Commons FileUpload used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be...
CVE-2022-40407
CVE-2022-40407 concerns Chamilo LMS, affecting version 1.11. The connected documents describe a zip-slip vulnerability in Chamilo’s file-upload function that enables remote code execution via a crafted Zip file. The underlying issue is a zip-slip extraction flaw in the upload handling, leading to...
CVE-2022-24553
An issue was found in Zfaka = 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution...
CVE-2021-41566
The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in...
Cross-site Scripting (XSS)
baserproject/basercms is vulnerable to cross-site scripting. The file upload function on the management system does not escape user-provided data, allowing an attacker to inject and execute malicious javascript...
CVE-2021-39136
baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are...
WordPress Ultimate Product Catalog 3.8.6 Shell Upload
Exploit Title: Wordpress Ultimate-Product-Catalog v3.8.6 Arbitrary file RCE Date: 2016-06-23 Google Dork: Index of /wp-content/plugins/ultimate-product-catalogue/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Vendor Homepage: http://www.EtoileWebDesign.com/ plugin uri:...
The hospital was built Station system arbitrary file upload vulnerability-vulnerability warning-the black bar safety net
| Vulnerability file: upfile. aspx I first posted 9 8 line to 1 3 0 lines of code out ,look a bit funny! Google for: inurl:cms/Column. aspx? that inurl:cms/Column. aspx? LMID= too much,your own to find more keywords! | 0 1 | ---|--- 0 2 | function chkform ---|--- 0 3 | ---|--- 0 4 | ---|--- 0 5 |...
Joomla JE Messenger 1.0 Shell Upload
JE Messenger 1.0 Arbitrary File Upload Vulnerability Name JE Messenger Vendor http://joomlaextensions.co.in Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-12-09 X. INDEX I. ABOUT THE APPLICATIO...
Lanius CMS <= 0.5.2 Remote Arbitrary File Upload Exploit
Exploit for unknown platform in category web applications ======================================================== Lanius CMS = 0.4.6 and Lanius CMS $maxsz 53. return sprintfUPLOADTOOBIG, convertbytes$filesz, convertbytes$maxsz; 54. 55. $thyname = basenameurldecode$FILES$elem'name'; 56. if...
EkinBoard 1.1.0 - Arbitrary File Upload / Authentication Bypass
---- EkinBoard Remote File Upload / Auth Bypass ... ITDefence.ru Antichat.ru EkinBoard = 1.1.0 Remote File Upload / Auth Bypass Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / / /\ / / / / / / / / / / / //\ \ / / / / // / // / /\ / //...