Lucene search
K

55 matches found

Positive Technologies
Positive Technologies
added 2022/10/18 12:0 a.m.2 views

PT-2022-6231

Name of the Vulnerable Software and Affected Versions Oracle Web Applications Desktop Integrator versions 12.2.3 through 12.2.11 Description A flaw exists in the Upload component of Oracle Web Applications Desktop Integrator within Oracle E-Business Suite. This issue allows an unauthenticated...

9.8CVSS7.8AI score0.98342EPSS
Exploits7References55
BDU FSTEC
BDU FSTEC
added 2022/07/13 12:0 a.m.7 views

The vulnerability of the “Upload” component of the TUG Home Base Server allows attackers to carry out XSS attacks.

The vulnerability of the “Upload” component of the TUG Home Base Server is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to carry out XSS attacks...

9CVSS6.6AI score0.00567EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/02 2:15 p.m.3 views

CVE-2022-29725

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file...

8.8CVSS6.2AI score0.01327EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.4 views

Creatiwity wityCMS 代码问题漏洞

Creatiwity wityCMS is a lightweight PHP-based content management system CMS. A security vulnerability exists in Creatiwity wityCMS version 0.6.2, which stems from an arbitrary file upload vulnerability in the image upload component. The vulnerability can be exploited by an attacker to execute...

8.8CVSS8.4AI score0.01327EPSS
Exploits1References2
OSV
OSV
added 2022/05/31 1:31 p.m.13 views

CVE-2022-29725

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file...

8.8CVSS7.8AI score0.01327EPSS
Exploits1References3
Snyk
Snyk
added 2022/05/17 4:43 a.m.2 views

Arbitrary File Upload

Overview typo3/cms is a free open source Content Management Framework. Affected versions of this package are vulnerable to Arbitrary File Upload due to improper checks on file extensions in the file upload component and File Abstraction Layer. Remediation Upgrade typo3/cms to version 6.0.8, 6.1.3...

8.8CVSS7AI score0.01151EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/18 7:15 p.m.5 views

CVE-2021-46036

An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code...

9.8CVSS8.1AI score0.03507EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/07/14 12:0 a.m.4 views

Raonwiz K Upload 代码问题漏洞

Raonwiz K Upload is a file transfer component from Raonwiz Korea.Raonwiz K Editor v2018.0.0.10 contains a security vulnerability that allows an attacker to perform a DLL hijacking attack on service or system restart...

7.8CVSS5.5AI score0.00458EPSS
Exploits1References3
CNVD
CNVD
added 2020/11/05 12:0 a.m.2 views

SourceCodester Car Rental Management System Code Issue Vulnerability

SourceCodester Car Rental Management System is a car rental management system from SourceCodester USA. A security vulnerability exists in SourceCodester Car Rental Management System version 1.0, which originates from an arbitrary file upload in the upload image component that allows users to...

9.8CVSS8.1AI score0.05152EPSS
Exploits1References1
Prion
Prion
added 2020/10/28 3:15 a.m.16 views

Design/Logic Flaw

An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=managecar because .php files can be uploaded to admin/assets/uploads/ under the web root...

7.5CVSS9.6AI score0.05152EPSS
Exploits1References2Affected Software1
0day.today
0day.today
added 2019/12/06 12:0 a.m.852 views

Verot 2.0.3 - Remote Code Execution Exploit #RCE

Exploit for php platform in category web applications Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85";...

0.1AI score0.26184EPSS
Exploits7
CNVD
CNVD
added 2018/04/16 12:0 a.m.4 views

Z-BlogPHP Arbitrary PHP Code Execution Vulnerability

Z-BlogPHP is an open source PHP-based blog system developed by the Z-Blog community. plugin upload component is one of the plugin upload components. A security vulnerability exists in the plugin upload component in Z-BlogPHP version 1.5.1. A remote attacker can exploit this vulnerability by sendi...

7.2CVSS7.7AI score0.01226EPSS
Exploits0References1
CNVD
CNVD
added 2018/01/17 12:0 a.m.3 views

Unspecified Vulnerability in Oracle Argus Safety (CNVD-2018-02387)

Oracle Argus Safety is a complete pharmacovigilance software system designed to address the pharmaceutical industry's toughest regulatory challenges. An unspecified vulnerability exists in the File Upload component of Oracle Argus Safety. An attacker could exploit this vulnerability to compromise...

6.5CVSS6.7AI score0.00607EPSS
Exploits0References1
Cvelist
Cvelist
added 2008/09/30 9:0 p.m.24 views

CVE-2008-4366

Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/uplo...

7.3AI score0.03055EPSS
Exploits1References4
CVE
CVE
added 2008/09/30 9:0 p.m.48 views

CVE-2008-4366

CVE-2008-4366 is an unrestricted file upload in the image upload component of Camera Life 2.6.2b4. According to the connected documents, remote authenticated users can upload a file with an executable extension and then access it via a direct URL under images/photos/upload, potentially executing ...

6.5CVSS7.3AI score0.03055EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder