CVE-2023-50038
There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions...
Design/Logic Flaw
There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions...
Improper Input Validation in mindsdb
Impact: The put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name that is then opened for writing on lines 122-125, leading to path injection. This issue may lead to arbitrary file write. This...
H2O local file inclusion vulnerability
A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...
CVE-2023-6038
A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...
CVE-2023-6038 Local File Inclusion in h2oai/h2o-3
A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...
CVE-2023-29152
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account...
CVE-2023-30855
Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with th...
Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php
Impact: The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files, but when combined with the SQL Injection, the exported data can be controlled and a webshell can be uploaded. Attackers can use...
Textpattern CMS <= 4.8.8 Multiple Arbitrary File Upload Vulnerabilities
Textpattern CMS is prone to multiple arbitrary file upload vulnerabilities.
Mageia: Security Advisory (MGASA-2018-0355)
The remote host is missing an update for the...
Arbitrary File Upload
showdoc/showdoc is vulnerable to arbitrary file upload attacks. An unauthenticated attacker is able to obtain unauthorized server permissions via arbitrary file uploads...
CVE-2021-41745
ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions...
CVE-2021-41744
All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM Product Life Cycle Management is a strategic management method. It applies a series of enterprise application systems to support the entire process from conceptual design to the end of product life, and the...
Design/Logic Flaw
ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions...
CVE-2021-41745
CVE-2021-41745 corresponds to a file upload vulnerability in ShowDoc 2.8.3. The connected sources describe an issue where exploitation allows an attacker to obtain server privileges. Affected product: ShowDoc 2.8.3; vulnerable component: file upload handling. Underlying root cause is described as...