EUVD-2023-31269

Malicious code in bioql PyPI...

LIVEBOX Collaboration vDesk Security Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk v018 and prior versions, which stems from a stored cross-site scripting XSS attack that may occur if parameters sent as input in an HTTP request are not properly checked...

CVE-2023-27507

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...

CVE-2023-27507

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...

Unrestricted file upload

Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...

Path traversal

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...

PT-2023-21179 · Unknown · Microengine Mailform

Name of the Vulnerable Software and Affected Versions: MicroEngine Mailform versions 1.1.0 through 1.1.8 Description: The issue allows a remote attacker to save an arbitrary file on the server and execute it, given that the file upload function and server save option are enabled. This is due to a...