PT-2024-18417 · WordPress · Categorify
Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4
Description: The issue is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function, making it possible for unauthenticated attackers...
PT-2024-19543 · Webtrees · Webtrees
Name of the Vulnerable Software and Affected Versions: Webtrees version 2.1.18
Description: The issue allows an attacker, in this case, an administrator, to navigate beyond the intended directory, the 'media/' directory, to access sensitive files in other parts of the application's file system by...
CVE-2024-25909
Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2...
CVE-2024-25909 WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2...
CVE-2024-25909
Summary of CVE-2024-25909 (WordPress WP Media folder): The WP Media folder plugin (WordPress) versions
WordPress Plugin WP Media folder Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
PT-2024-21200 · Joomunited · Joomunited Wp Media Folder
Name of the Vulnerable Software and Affected Versions: JoomUnited WP Media folder versions n/a through 5.7.2
Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in the JoomUnited WP Media folder. This vulnerability allows for the upload of files...
CodeAstro Membership Management System Code Issue Vulnerability
CodeAstro Membership Management System is a membership management system from CodeAstro. A code issue vulnerability exists in CodeAstro Membership Management System version 1.0, which stems from the component Logo Handler's file /uploads/ that can lead to unrestricted uploads...
CVE-2024-26265
The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, whic...
PT-2024-3919 · Ge Healthcare · Common Service Desktop
Name of the Vulnerable Software and Affected Versions: Common Service Desktop (affected versions not specified)
Description: The issue is related to a path traversal vulnerability in the getAllFolderContents function of the Common Service Desktop component in GE HealthCare ultrasound...
Nextcloud: Attachments folder for Text app is accessible on Files Drop/Password protected shares
The Nextcloud Text app's attachments folder was found to be accessible on Files Drop/Password protected shares...
Nextcloud: Possible to enumerate valid files in password protected shares/files drop shares as well as spam folder with files
The summary is as follows: It was possible to enumerate valid files in password protected shares and file drop shares. Additionally, it was possible to spam the folder with empty files using an attacker-controlled file name. The vulnerability existed in the DocumentAPIControllercreate method, whi...
CVE-2024-24386
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...
WP Media folder < 5.7.3 - Missing Authorization to Authenticated(Subscriber+) Plugin settings change
Description: The wp-media-folder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber access and above, to...
RICOH Multiple Products Threat of Folder User Password Breach (CVE-2022-43969)
Ricoh is aware of the reported 'Threat of folder user password breach' CVE-2022-43969 that affects certain products and services that Ricoh develops, manufactures, and offers. The user password for the folder, that is saved to a device with data transmission functionality, may be breached via a...
jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin
A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin allow attackers to copy a view inside a folder...
jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts
A flaw was found in the Jenkins Folders Plugin. Affected versions of this plugin allow attackers to copy folders...
WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Arbitrary File Upload
Software: WP Media folder
Type: Plugin
Vulnerable versions: <= 5.7.2
Fixed in: 5.7.3
OWASP Top 10: A3: Injection
Classification: Arbitrary File Upload
CVE: CVE-2024-25909
Patch priority: High
CVSS severity: High 9.9
PSID: e05dfe398169
Credits: Dave Jong Patchstack
Required privilege...