
151 matches found

OSV
added 2023/12/22 4:15 p.m. · 3 views

CVE-2023-42017

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the...

9.8 CVSS · 6.2 AI score · 0.01073 EPSS
Exploits 0 · References 2
GithubExploit
added 2023/11/05 3:6 p.m. · 1121 views

Exploit for Cross-site Scripting in Wondercms

CVE-2023-41425 Description Cross Site Scripting vulnerabil...

6.1 CVSS · 6.4 AI score · 0.54305 EPSS
Exploits 16
CNNVD
added 2023/11/03 12:0 a.m. · 2 views

Galaxy Software Services Vitals ESP Security Vulnerability

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A security vulnerability exists in Galaxy Software Services Vitals ESP due to insufficient filtering and authentication during file uploads, which can be exploited by an...

8.8 CVSS · 7.2 AI score · 0.00645 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/11/02 12:0 a.m. · 2 views

PT-2023-27925 · Galaxy Software Services · Vitals Esp

Name of the Vulnerable Software and Affected Versions: Galaxy Software Services Corporation Vitals ESP affected versions not specified Description: The issue is related to insufficient filtering and validation during file upload in an online knowledge base management portal. An authenticated remo...

8.8 CVSS · 8.6 AI score · 0.00645 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2023/07/07 4:15 p.m. · 1 views

CVE-2023-25201

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload...

8.8 CVSS · 6.3 AI score · 0.00453 EPSS
Exploits 1 · References 3
OSV
added 2023/07/07 4:15 p.m. · 2 views

CVE-2023-25201

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload...

8.8 CVSS · 6.1 AI score · 0.00453 EPSS
Exploits 1 · References 2
NVD
added 2023/07/07 4:15 p.m. · 12 views

CVE-2023-25201

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload...

8.8 CVSS · 8.9 AI score · 0.00453 EPSS
Exploits 1 · References 2
Cvelist
added 2023/07/07 12:0 a.m. · 22 views

CVE-2023-25201

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload...

9.1 AI score · 0.00453 EPSS
Exploits 1 · References 2
Vulnrichment
added 2023/07/07 12:0 a.m. · 11 views

CVE-2023-25201

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload...

7.9 AI score · 0.00453 EPSS
Exploits 1 · References 2
OSV
added 2023/06/12 1:15 p.m. · 2 views

CVE-2023-33253

LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file such as shell.jpg.php.shell being...

8.8 CVSS · 6.2 AI score · 0.02507 EPSS
Exploits 2 · References 3
CNNVD
added 2023/02/02 12:0 a.m. · 2 views

aaPanel Security Vulnerability

aaPanel is an open source hosting control panel. A security vulnerability exists in aaPanel v1.5, which stems from an access control issue that can be exploited by an attacker to elevate privileges and execute arbitrary code by uploading a crafted PHP file to the system's virtual host directory...

9.8 CVSS · 8.8 AI score · 0.01377 EPSS
Exploits 1 · References 3
CNNVD
added 2022/11/22 12:0 a.m. · 2 views

Mitel MiCollab Security Vulnerability

Mitel MiCollab is a mobile application for voice, video, messaging, audio conferencing and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab version 9.6.0.13 and earlier, which stems from improper authorization controls, which could allow an...

9.8 CVSS · 8.6 AI score · 0.01371 EPSS
Exploits 0 · References 2
OSV
added 2022/04/07 7:15 p.m. · 1 views

CVE-2022-26676

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 1
CNNVD
added 2022/03/13 12:0 a.m. · 2 views

PONTON X/P Messenger Path Traversal Vulnerability

PONTON X/P Messenger is a highly configurable ebXML, AS/1, AS/2, AS/3 and AS/4 compliant messaging software from the German company PONTON. PONTON X/P Messenger is vulnerable to a path traversal vulnerability that could be exploited by an attacker to upload executable scripts while obtaining...

9.8 CVSS · 6 AI score · 0.03252 EPSS
Exploits 1 · References 3
OSV
added 2022/02/11 4:15 p.m. · 2 views

CVE-2021-42940

A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload an SVG file containing malicious JavaScript code...

9.9 CVSS · 5.8 AI score · 0.01068 EPSS
Exploits 1 · References 2
0day.today
added 2021/10/01 12:0 a.m. · 269 views

Phpwcms 1.9.30 - File Upload to XSS Vulnerability

Exploit Title: Phpwcms 1.9.30 - File Upload to XSS Exploit Author: Okan Kurtulus | okankurtulus.com.tr Software Link: http://www.phpwcms.org/ Version: 1.9.30 Tested on: Ubuntu 16.04 Steps: 1- You need to login to the system. http://target.com/phpwcms/login.php 2- Creating payload with SVG...

7.4 AI score
Exploits 0
CNNVD
added 2021/01/08 12:0 a.m. · 4 views

Ziehl-Abegg OA Security Breach

Zhiyuan Internet Zhiyuan OA is a collaboration management software from China Zhiyuan Internet Company. Due to the unauthorized access to certain interfaces and insufficient filtering of some functions in older versions of Zhiyuan OA, attackers can upload malicious script files without...

5.8 AI score
Exploits 0 · References 1
OSV
added 2020/12/17 4:15 a.m. · 4 views

CVE-2020-25010

An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an...

9.8 CVSS · 7.8 AI score · 0.02423 EPSS
Exploits 0 · References 2
Prion
added 2020/12/17 4:15 a.m. · 17 views

Design/Logic Flaw

An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an...

7.5 CVSS · 9.6 AI score · 0.02423 EPSS
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2020/11/02 12:0 a.m. · 1 views

BaserCMS Remote Code Execution Vulnerability

BaserCMS is an open source enterprise-level content management system (CMS). A remote code execution vulnerability exists in the editor template in versions of baserCMS prior to 4.4.1. The vulnerability can be exploited by a system administrator to achieve remote code execution by uploading an...

7.2 CVSS · 8 AI score · 0.02215 EPSS
Exploits 0 · References 1