Synology Calendar OS Command Injection Vulnerability
Synology Calendar is a file protection program from Synology Inc. of Taiwan, China that runs on Synology NAS (network storage server) devices. An operating system command injection vulnerability exists in the drivers_syno_import_user.php file in Synology Calendar versions prior to 2.3.1-0617. The...
CVE-2019-13082
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once the archive has been extracted, it does not check files recursively. This means that by putting a .php file in a folder a...
CVE-2019-11829
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via a crafted 'X-Real-IP' header...
WordPress Import users from CSV with meta plugin <= 1.14.1.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found in WordPress Import users from CSV with meta plugin versions <= 1.14.1.3. Solution: Update the WordPress Import users from CSV with meta plugin to the latest available version (at least 1.14.2.2)...
Broken Access Control in Import Module
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-017...
WordPress Dropshix plugin <= 4.0.11 - Arbitrary Product Import vulnerability
Arbitrary Product Import vulnerability found in WordPress Dropshix plugin versions <= 4.0.11. Solution: Update the WordPress Dropshix plugin to the latest available version (at least 4.0.14)...
PRODSECBUG-2349: Arbitrary code execution via file upload in admin import feature
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
Broken Access Control in Import Module
It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which is usually only available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...
Import users from CSV with meta <= 1.14.1.3 - CSRF leading to attachment deletion & Path Traversal
CSRF leading to attachment deletion via the acui_delete_attachment AJAX function...
Cisco Integrated Management Controller Access Control Error Vulnerability (CNVD-2019-18903)
Cisco Integrated Management Controller (IMC) is a set of software from the American company Cisco for the management of UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as powering on, powering off and rebooting the server. An access...
CVE-2019-1629
A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...
Design/Logic Flaw
A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...
CVE-2019-1629 Cisco Integrated Management Controller Arbitrary File Write Vulnerability
A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...
CVE-2019-1629
The CVE-2019-1629 issue affects Cisco Integrated Management Controller (IMC) via the configuration import utility. It stems from a failure to delete temporarily uploaded files, allowing an unauthenticated, remote attacker to gain write access and upload arbitrary data to the filesystem. This coul...
Import users from CSV with meta <= 1.14.1.2 - XSS
The Import and export users and customers WordPress plugin was affected by an XSS security vulnerability...
Cisco Integrated Management Controller Arbitrary File Write Vulnerability
A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...
CVE-2019-12831
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems that leads to truncation of strings that are too long for a database column to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of...