CVE-2024-32872
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
CVE-2023-50164
A flaw was found in Apache Struts. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via manipulation of file upload parameters that enable path traversal. Under certain conditions, uploading a malicious file is possible, which may then be executed on the server...
GLPI Input Validation Error Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
CVE-2023-37502 An unrestricted file upload vulnerability affects HCL Compass
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser...
Path traversal
GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...
WordPress plugin WP Ultimate CSV Importer Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
CVE-2023-27397
Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...
CVE-2023-0598
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software...
PT-2023-7457 · Ge Digital · Ge Digital Proficy Ifix
Name of the Vulnerable Software and Affected Versions: GE Digital Proficy iFIX versions 6.1 through 6.5; GE Digital Proficy iFIX 2022. Description: The issue is related to incorrect code generation management in the GE Proficy HMI/SCADA iFIX software, which may allow an attacker to gain full contro...
CVE-2022-27662
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context...
CVE-2022-27139
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...
New Wslink Malware Loader Runs as a Server and Executes Modules in Memory
Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed "Wslink" by ESET, this previously undocumented malware stands apart from the rest in that it run...
Code injection
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be...
WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware
Google on Thursday removed The Great Suspender, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware," read a terse notification from Google,...
Kirby Code Issues Vulnerabilities
Kirby is a document-based content management system (CMS). A security vulnerability exists in Kirby versions prior to 2.5.14 that stems from the fact that an editor with full access to the Kirby panel could upload a PHP .phar file and execute it on the server. No details of the vulnerability are...
SpamTitan Command Injection Vulnerability
SpamTitan is an anti-spam solution from C/o Copperfasten, Ireland. The solution is characterized by easy installation and simple configuration. A command injection vulnerability exists in SpamTitan 7.07. The vulnerability stems from improper input validation of the community parameter in...
CVE-2020-24566
In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then under certain circumstances the account password is exposed in...
Unrestricted File Upload
concrete5/concrete5 allows unrestricted file uploads. An attacker is able to upload a malicious PHP file with a file extension such as .phar, which would cause the server to execute the PHP code within the file under the context of the server...