CVE-2025-23011

Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives "Zip Slip". A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1...

CVE-2025-23011 Fedora Repository archive extraction path traversal

Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives "Zip Slip". A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1...

CVE-2025-23011 Fedora Repository archive extraction path traversal

Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives "Zip Slip". A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1...

CVE-2024-35570

The connected PT-2024-26551 entry confirms an arbitrary-file-upload vulnerability in inxedu v2.0.6, specifically the ImageUploadController.class component, enabling code execution via a crafted JSP upload. No fix version is provided; workaround advises avoiding the file-upload feature and restric...

inxedu 安全漏洞

Inxedu inxedu is a set of open source online education platform from China's Inxu Times Inxedu company. The platform includes an online school system, a live streaming system, an exam system and a marketing website. A security vulnerability exists in inxedu v2024.4, which stems from an arbitrary...

CVE-2024-33120

CVE-2024-33120 affects Roothub v2.5, where an arbitrary file upload vulnerability in the upload() function via the customPath parameter allows remote code execution through a crafted JSP file. Reported impact is full confidentiality, integrity, and availability compromise (high). Connected source...

CVE-2024-33120

Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file...

CVE-2024-2636 Multiple vulnerabilities on Meta4 HR from Cegid

An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via '/config/espanol/updatepassword.jsp' file. Modifying the 'M4NEWPASSWORD' parameter, an attacker could store a malicious JSP file inside the file...

CVE-2024-2636 Multiple vulnerabilities on Meta4 HR from Cegid

An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via '/config/espanol/updatepassword.jsp' file. Modifying the 'M4NEWPASSWORD' parameter, an attacker could store a malicious JSP file inside the file...

Ivanti Avalanche FileStoreConfig File Upload

Ivanti Avalanche prior to v6.4.0.186 permits MS-DOS style short names in the configuration path for the Central FileStore. Because of this, an administrator can change the default path to the web root of the applications, upload a JSP file, and achieve RCE as NT AUTHORITY\SYSTEM. Module Options m...

CVE-2022-42971

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to...

CVE-2022-36431

An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1...

Design/Logic Flaw

An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1...

Unrestricted Upload of File with Dangerous Type Apache Tomcat

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...

Apache Tomcat Unrestricted file upload vulnerability

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file...

Spring4Shell-Poc - Spring Core RCE 0-day Vulnerability

Description of the vulnerability: https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html Construction of the POC: https://github.com/BobTheShoplifter/Spring4Shell-POC Steps to Build/Run Tested with JDK 11.0.14, Spring Boot 2.6.5, and Apache Tomcat 9.0.60 Run mvn clean packag...

Exploit for Code Injection in Vmware Spring_Framework

:spaceinvader: CVE-2022-22965 This is a proof of concept of a...

Apache Tomcat on Windows Remote Code Execution Vulnerability

When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

Apache Tomcat Remote Code Execution Vulnerability

When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

CVE-2021-44093

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell...