68 matches found
CVE-2025-26350
A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to upload malicious files via crafted HTTP requests...
CVE-2024-45219
Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2....
CVE-2024-45219 Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure
Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2....
WordPress Plugin Template Kit 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-19819 · WordPress · The Template Kit
Name of the Vulnerable Software and Affected Versions: The Template Kit – Import plugin for WordPress versions prior to 1.0.15 Description: The issue arises from insufficient input sanitization and output escaping in the template upload functionality, allowing authenticated attackers with author...
Template Kit – Import < 1.0.15 - Author+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the template upload functionality due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that wil...
CVE-2023-50569
Reflected Cross Site Scripting XSS vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templatesimport.php...
UBUNTU-CVE-2023-50569
Reflected Cross Site Scripting XSS vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templatesimport.php...
CVE-2023-50569
Removed by vendor...
PT-2023-31591 · Cacti +1 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.25 Description: The issue is a Reflected Cross Site Scripting XSS vulnerability that allows remote attackers to escalate privileges. This occurs when an xml template file is uploaded via the "templates import.php" API...
PT-2023-8110 · Cacti +1 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.25 Description: The issue is related to insufficient protection of the web page structure in the Cacti network monitoring tool. This allows a remote attacker to conduct cross-site scripting attacks and gain unauthorized acce...
Denial Of Service (DoS)
ethycafides is vulnerable to Denial Of Service DoS. The vulnerability exists due to a lack of validation in the template upload feature, which allows an attacker with with the CONNECTORTEMPLATEREGISTER scope to upload a malicious zip bomb file, causing the fides webserver to run out of resources...
CVE-2023-37480
Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb...
CVE-2023-37480 Fides Webserver Vulnerable to Zip Bomb File Uploads
Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb...
CVE-2023-37480 Fides Webserver Vulnerable to Zip Bomb File Uploads
Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb...
Fides 资源管理错误漏洞
Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A resource management error vulnerability exists in Fides versions 2.11.0 through 2.15.1, which is rooted in...
Exploit for Unrestricted Upload of File with Dangerous Type in Pwndoc_Project Pwndoc
CVE-2022-45771 The PwnDoc...
CVE-2021-46036
An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code...
CVE-2021-46115
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin.TemplateControllerdoUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code...
CVE-2021-46115
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin.TemplateControllerdoUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code...