4 matches found

OSV
added 2025/08/21 2:26 p.m., 6 views

GHSA-V22V-XWH7-2VRM UnoPim vulnerable to remote code execution through Arbitrary File upload

Summary: Affected Functionality: Image upload at User creation Endpoint: /admin/settings/users/create Details The image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy lik...

CVSS 8.6, AI score 6, EPSS 0.00446
Exploits: 1, References: 4
BDU FSTEC
added 2024/05/20 12:0 a.m., 4 views

The vulnerability of the SuiteCRM customer relationship management system lies in the lack of restrictions on file downloads. This allows a malicious actor to execute or open files on the web server without having access to those files.

The vulnerability of the SuiteCRM customer relationship management system is related to the lack of restrictions on file downloads. Exploiting this vulnerability allows a malicious actor to execute or open files on the web server without having access to those files...

CVSS 9.9, AI score 7.8, EPSS 0.00856
Exploits: 1, References: 4, Affected Software: 1
securityvulns
added 2001/07/24 12:0 a.m., 28 views

IMP 2.2.6 (SECURITY) released

The Horde team announces the availability of IMP 2.2.6, which fixes three potential security issues. We strongly recommend that all sites running IMP 2.2.x upgrade to this version. 1 A PHPLIB vulnerability allowed an attacker to provide a value for the array element $PHPLIBlibdir, and thus to get...

AI score 0.7
Exploits: 0
securityvulns
added 2001/03/20 12:0 a.m., 30 views

Yet another hole in WebSite Pro

CGI directories are writable by default. The server ships with a program that allows files to be uploaded to the server. In addition, for a certain request the server reveals the path to local files, which taken together makes it possible to upload and execute any file on the server...

AI score 0.4
Exploits: 0, References: 2, Affected Software: 1