Fortinet FortiAuthenticator 安全漏洞

Fortinet FortiAuthenticator is a centralized user identity management solution provided by the American company Fortinet. Vulnerabilities exist in versions 6.6.0 to 6.6.6, 6.5 all versions, 6.4 all versions, and 6.3 all versions of FortiAuthenticator. These vulnerabilities stem from the lack of...

CVE-2020-10562

An issue was discovered in DEVOME GRR before 3.4.1c. admineditroom.php mishandles file uploads...

CVE-2022-0888

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...

EUVD-2011-4378

Malware in sbrugna...

CVE-2024-13451

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient directory listing...

CVE-2024-13451

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient directory listing...

CVE-2024-13498

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This make...

CVE-2024-13498

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This make...

CVE-2022-0889

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...

CVE-2024-10260

The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

WisdomGarden Tronclass 代码问题漏洞

WisdomGarden Tronclass ilearn is a teaching platform from China WisdomGarden, Inc. A security vulnerability exists in WisdomGarden Tronclass that stems from improper access control when uploading files. Affected products and versions: Tronclass ilearn app version 2.3.2 and Tronclass ilearn web...

Cloudreve 跨站脚本漏洞

Cloudreve is Cloudreve open source a public cloud file system that supports multiple cloud storage drives. A cross-site scripting vulnerability exists in Cloudreve versions v1.0.0 through v3.5.3. The vulnerability stems from the discovery of a cross-site scripting XSS vulnerability via the file...

SUSE: Security Advisory (SUSE-SU-2020:1661-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...