55 matches found
PT-2022-6231
Name of the Vulnerable Software and Affected Versions Oracle Web Applications Desktop Integrator versions 12.2.3 through 12.2.11 Description A flaw exists in the Upload component of Oracle Web Applications Desktop Integrator within Oracle E-Business Suite. This issue allows an unauthenticated...
The vulnerability of the “Upload” component of the TUG Home Base Server allows attackers to carry out XSS attacks.
The vulnerability of the “Upload” component of the TUG Home Base Server is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to carry out XSS attacks...
CVE-2022-29725
An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file...
Creatiwity wityCMS 代码问题漏洞
Creatiwity wityCMS is a lightweight PHP-based content management system CMS. A security vulnerability exists in Creatiwity wityCMS version 0.6.2, which stems from an arbitrary file upload vulnerability in the image upload component. The vulnerability can be exploited by an attacker to execute...
CVE-2022-29725
An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file...
Arbitrary File Upload
Overview typo3/cms is a free open source Content Management Framework. Affected versions of this package are vulnerable to Arbitrary File Upload due to improper checks on file extensions in the file upload component and File Abstraction Layer. Remediation Upgrade typo3/cms to version 6.0.8, 6.1.3...
CVE-2021-46036
An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code...
Raonwiz K Upload 代码问题漏洞
Raonwiz K Upload is a file transfer component from Raonwiz Korea.Raonwiz K Editor v2018.0.0.10 contains a security vulnerability that allows an attacker to perform a DLL hijacking attack on service or system restart...
SourceCodester Car Rental Management System Code Issue Vulnerability
SourceCodester Car Rental Management System is a car rental management system from SourceCodester USA. A security vulnerability exists in SourceCodester Car Rental Management System version 1.0, which originates from an arbitrary file upload in the upload image component that allows users to...
Design/Logic Flaw
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=managecar because .php files can be uploaded to admin/assets/uploads/ under the web root...
Verot 2.0.3 - Remote Code Execution Exploit #RCE
Exploit for php platform in category web applications Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85";...
Z-BlogPHP Arbitrary PHP Code Execution Vulnerability
Z-BlogPHP is an open source PHP-based blog system developed by the Z-Blog community. plugin upload component is one of the plugin upload components. A security vulnerability exists in the plugin upload component in Z-BlogPHP version 1.5.1. A remote attacker can exploit this vulnerability by sendi...
Unspecified Vulnerability in Oracle Argus Safety (CNVD-2018-02387)
Oracle Argus Safety is a complete pharmacovigilance software system designed to address the pharmaceutical industry's toughest regulatory challenges. An unspecified vulnerability exists in the File Upload component of Oracle Argus Safety. An attacker could exploit this vulnerability to compromise...
CVE-2008-4366
Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/uplo...
CVE-2008-4366
CVE-2008-4366 is an unrestricted file upload in the image upload component of Camera Life 2.6.2b4. According to the connected documents, remote authenticated users can upload a file with an executable extension and then access it via a direct URL under images/photos/upload, potentially executing ...