11 matches found
CVE-2021-41764
A cross-site request forgery CSRF vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a...
CVE-2024-22724
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature...
CVE-2022-36065 GrowthBook account creation and file upload vulnerability in self-hosted configurations
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
CVE-2021-41764
A cross-site request forgery CSRF vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a...
Fckeditor local TEST. HTML-vulnerability warning-the black bar safety net
Since the previous storm the TEST. HTML upload 0day later, a lot of webmasters to the TEST. HTML to delete. But upload The file didn't delete it. Such words can be themselves in the construction of one. Below is my collection. Put the following code saved into a TEST. HTML. Then modify it to uplo...
DedeCms v5. 6 malicious code execution vulnerability-vulnerability warning-the black bar safety net
Affected version: DedeCms v5. 6 vulnerability description: In the upload software of the Local, the local address not be effectively verified, it can be maliciously used Test method: Registered members, upload software: the local address is filled into a/dede:linkdede:toby57...
Webiz 2004 - Local File Upload
Exploit Title: Webiz local SHELL Upload Vulnerability Date: 23-05-2010 Author: kannibal615 Software Link: N/A Version: 2004 Tested on: PHP CVE : N/A Code : @@ @@ @@@@@@ @@ @@ @@@@ @@@@@@@ @@ @@ @@@@@@@ @@@@@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@@ @@@@@@@@ @@ @@ @@ @@@@ @@@@@@ @@ @...
The new cloud 4. 0 registered upload vulnerability-vulnerability warning-the black bar safety net
First download a serawebinfo Put the following configuration file is saved as xunyun. seraph url=http://localhost/users/upload. asp? action=save&ChannelID=1&sType= filefield=File1 filefield2= filename=2 0 0 9 8 1 6 2 3 5 5 4. cer;. gif filename2= local=C:\Documents and Settings\seraph\ 桌面 \1.jpg...
GLSA-200808-03 : Mozilla products: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200808-03 Mozilla products: Multiple vulnerabilities The following vulnerabilities were reported in all mentioned Mozilla products: TippingPoint's Zero Day Initiative reported that an incorrect integer data type is used as a CSS...
CMS from Scratch <= 1.1.3 (image.php) Directory Traversal Vulnerability
Exploit for unknown platform in category web applications ======================================================================= CMS from Scratch special THanks to EgiX For founded it :d: Exploit : http://localhost/path/cms/images.php?dir=c: Example :...
CVE-2004-0959
rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$FILES" array to be modified...