8 matches found
CVE-2024-27957 WordPress Pie Register plugin <= 3.8.3.1 - Unauthenticated Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1...
Hospital Management System 4.0 XSS / Shell Upload / SQL Injection Vulnerabilities
Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities. Description: Mutiple vulnerabilties were discovered in Hospital Management System Affected CMS: Hospital Management System Affected Version: unread...
Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Oracle E-Business Suite EBS Unauthenticated Arbitrary File Upload', 'Description' = %q This module exploits an unauthenticated...
Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfences highly credentialed and experienced...
Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload
The plugin does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file POST /wp-admin/admin-ajax.php...
CVE-2018-25019 LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndashassignmentprocessinit function, which could allow unauthenticated users to upload arbitrary files to the web server...
WordPress N5 Upload Form plugin <= 1.0 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)
Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Jin Huang in WordPress N5 Upload Form plugin versions = 1.0. Solution Plugin closed. Deactivate and delete...
Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Solare Datensysteme GmbH Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000 vulnerable version: Firmware 2.8.4-56 / 3.5.2-85 fixed...