
1986 matches found

Cvelist
added 2017/12/18 5:0 p.m. | 17 views

CVE-2017-16949

An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and...

AI score: 9.7 | EPSS: 0.38791
Exploits: 6 | References: 3

NVD
added 2017/12/18 5:29 a.m. | 14 views

CVE-2017-17727

DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/articleedit.php...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.00659
Exploits: 0 | References: 1

Prion
added 2017/12/18 5:29 a.m. | 21 views

Design/Logic Flaw

DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/articleedit.php...

CVSS: 6.8 | AI score: 8.9 | EPSS: 0.00659
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2017/12/18 5:29 a.m. | 1 view

CVE-2017-17727

DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/articleedit.php...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00659
Exploits: 0 | References: 1

CVE
added 2017/12/18 5:0 a.m. | 58 views

CVE-2017-17727

CVE-2017-17727 affects DedeCMS 5.6 and earlier. Affected component: template handling in member/article_edit.php; root cause: insufficient validation in the templet parameter allows embedding PHP code within a .jpg file, enabling arbitrary file upload and PHP code execution. Documented impact: re...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00659
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2017/12/18 5:0 a.m. | 18 views

CVE-2017-17727

DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/articleedit.php...

AI score: 9 | EPSS: 0.00659
Exploits: 0 | References: 1

CNVD
added 2017/11/27 12:0 a.m. | 2 views

LvyeCMS Code Execution Vulnerability

LvyeCMS is a content management system developed by China Lvye Network Technology using ThinkPHP framework and an independent grouping approach. A security vulnerability exists in LvyeCMS 3.1 and earlier versions. The vulnerability can be exploited by a remote attacker to upload and execute...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.01016
Exploits: 1 | References: 1

OSV
added 2017/11/25 5:29 a.m. | 6 views

CVE-2017-16941

October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a...

CVSS: 8.8 | AI score: 8.8
Exploits: 0 | References: 1

Prion
added 2017/11/17 2:29 a.m. | 13 views

Design/Logic Flaw

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.01058
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2017/11/17 2:29 a.m. | 18 views

CVE-2017-1000196

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server...

CVSS: 9.8 | AI score: 7.4
Exploits: 0 | References: 1

NVD
added 2017/11/17 2:29 a.m. | 11 views

CVE-2017-1000196

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.01058
Exploits: 0 | References: 1

CVE
added 2017/11/17 2:0 a.m. | 52 views

CVE-2017-1000196

CVE-2017-1000196 affects October CMS build 412. The asset manager allows PHP code execution, leading to site compromise and potentially other applications on the server. Exploitation details and remediation are not provided in the supplied documents; no patch/version is specified here.

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.01058
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2017/11/17 2:0 a.m. | 12 views

CVE-2017-1000196

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server...

AI score: 9.7 | EPSS: 0.01058
Exploits: 0 | References: 1

CNVD
added 2017/11/09 12:0 a.m. | 2 views

Samsung SRN-1670D Web Viewer Arbitrary File Upload Vulnerability

Samsung SRN-1670D is a network video recorder product from Samsung, South Korea. Web Viewer is one of the web browser components. An arbitrary file upload vulnerability exists in version 1.0.0.193 of the Web Viewer on the Samsung SRN-1670D device. A remote attacker can upload and execute arbitrary...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.74711
Exploits: 7 | References: 1

OSV
added 2017/11/06 8:29 a.m. | 1 view

CVE-2017-16524

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.74711
Exploits: 7 | References: 2

CNVD
added 2017/11/06 12:0 a.m. | 1 view

Catalyst Mahara PHP Code Execution Vulnerability

Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara versions 15.04 before 15.04.8, 15.10 before 15.10.4, and 16.04 before 16.04.2. An attacker could...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00505
Exploits: 0 | References: 1

OSV
added 2017/11/03 6:29 p.m. | 16 views

CVE-2017-1000148

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize" function when importing a skin from an XML file...

CVSS: 8.8 | AI score: 7.4
Exploits: 0 | References: 1

NVD
added 2017/11/03 6:29 p.m. | 11 views

CVE-2017-1000148

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize" function when importing a skin from an XML file...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.00505
Exploits: 0 | References: 1

Cvelist
added 2017/11/03 6:0 p.m. | 11 views

CVE-2017-1000148

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize" function when importing a skin from an XML file...

AI score: 8.9 | EPSS: 0.00505
Exploits: 0 | References: 1

CVE
added 2017/11/03 6:0 p.m. | 46 views

CVE-2017-1000148

Mahara is affected in 15.04 before 15.04.8, 15.10 before 15.10.4, and 16.04 before 16.04.2. The vulnerability arises when Mahara imports an XML skin, as portions of the XML are passed to PHP unserialize(), enabling PHP code execution. The issue is documented across multiple sources (e.g., NVD/CNV...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.00505
Exploits: 0 | References: 1 | Affected Software: 1