303 matches found
CVE-2023-41631
eSST Monitoring v2.147.1 was discovered to contain a remote code execution RCE vulnerability via the file upload function...
CVE-2023-41631
eSST Monitoring v2.147.1 was discovered to contain a remote code execution RCE vulnerability via the file upload function...
Cross-site Scripting (XSS)
cockpit-hq/cockpit is vulnerable to Stored Cross-site Scripting XSS. The vulnerability exists in the upload function at bootstrap.php due to lack of MIME sanitization which allows an attacker to inject and execute arbitrary JavaScript...
Cross-site Scripting (XSS)
cockpit-hq/cockpit is vulnerable to Cross-site Scripting XSS. The vulnerability exists in upload function at bootstrap.php because due to improper sanitization of inputs which allows an attacker to inject and execute arbitrary javascript...
PHOENIX CONTACTs WP 6xxx series web panels Security Vulnerability
PHOENIX CONTACTs WP 6xxx series web panels are a series of web panels from PHOENIX CONTACTs, Germany. A security vulnerability in PHOENIX CONTACTs WP 6xxx series web panels prior to version 4.0.10 exists in the web panels where an unauthenticated, remote attacker can access the upload function of...
CVE-2023-36220
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function...
CVE-2023-36220
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function...
Directory traversal
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function...
CVE-2023-36220
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function...
CVE-2023-36970
A Cross-site scripting XSS vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function...
CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function...
CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function...
CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function...
PT-2023-25757 · Unknown · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.17 Description: The issue allows for Remote Command Execution via the File Upload Function. Recommendations: For CMS Made Simple version 2.2.17, update to a version that fixes this issue...
CVE-2020-22151
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function...
CVE-2020-22151
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function...
Design/Logic Flaw
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function...
CVE-2020-22151
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function...
PT-2023-11609 · Fuel Cms · Fuel Cms
Name of the Vulnerable Software and Affected Versions: Fuel-CMS version 1.4.6 Description: The issue allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function. This enables the attacker to potentially gain unauthorized access and...
CVE-2020-22151
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function...