3 matches found
CVE-2024-58298
CVE-2024-58298 – Compuware iStrobe Web 20.13 is confirmed to have a pre-authentication remote code execution vulnerability due to a path-traversal in the file upload form. The issue allows unauthenticated attackers to upload JSP files via the fileName parameter, effectively uploading a web shell ...
CVE-2022-30117
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changin...
Novell ZENworks Asset Management File Upload Traversal
Added: 05/27/2011 CVE: CVE-2010-4229 BID: 47295 OSVDB: 71872 Background Novell ZENworks is a resource management solution consisting of a management server and management agents. Problem The Asset Management module ZAM of ZENworks version 10.3 prior to 10.3.2 and version 11 fail to validate the...