CVE-2023-23937 Missing file upload type validation in pimcore/pimcore

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x upload.cgi Code Execution

!/usr/bin/env python SOUND4 IMPACT/FIRST/PULSE/Eco =2.x upload.cgi Unauthenticated Remote Code Execution Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Versio...

Remote code execution

Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php...

PT-2022-25324 · Php Point Of Sale Llc +1 · Php Point Of Sale

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The application is affected by an authenticated Stored Cross-Site Scripting XSS issue in the upload and download functionality. This could allow attackers to escalate privileges or...

Broken Access Controls in Patient Files

Description An authenticated user without document access has the ability to direct access any document in the system by using a url similar to this http://domain/openemr/controller.php?document&retrieve&patientid=2&documentid=19. The autoincrement identifier was also susceptible of being...

CVE-2022-23080

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery SSRF in the media upload functionality which allows a low privileged user to perform internal network port scans...

Unrestricted file upload

eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality...

Atom CMS 2.0 - Remote Code Execution (RCE)

Exploit Title: Atom CMS 2.0 - Remote Code Execution RCE Date: 22.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://thedigitalcraft.com/ Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Ubuntu 20.04.3 LTS CVE: CVE-2022-25487 Description This script...

CVE-2022-26965

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution...

OS Command Injection

baserproject/basercms is vulnerable to OS command injection. An attacker can upload malicious zip files through the upload functionality in the library, leading to the path traversal on the host operating system...

Design/Logic Flaw

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a ca...

CVE-2021-23001

CVE-2021-23001 affects BIG-IP Advanced WAF/ASM; an authenticated user can upload files via an undisclosed iControl REST endpoint, potentially exhausting disk space or enabling later attacks. Affected versions include 16.0.0–16.0.1, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x. Remediation: upgrade ...

CVE-2021-23001

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a ca...

PDW File Browser 1.3 - Remote Code Execution

Exploit Title: PDW File Browser 1.3 - Remote Code Execution Date: 24-10-2020 Exploit Author: David Bimmel Researchers: David Bimmel, Joost Vondeling, Ramòn Janssen Vendor Homepage: n/a Software Link: https://github.com/GuidoNeele/PDW-File-Browser Version: … ? Once you have uploaded your webshell...

EulerOS 2.0 SP8 : php (EulerOS-SA-2020-1821)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function...

Directory traversal

An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value in the POST method from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the...

CVE-2020-12251

An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value in the POST method from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the...

Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload

Hi, An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value in the POST method from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the...

Mail.ru: [xss] подмена content-type в загрузке лого к почте

Stored XSS in biz.mail.ru via upload log functionality...

Directory Traversal

oneup/uploader-bundle is vulnerable to directory traversal. A remote attacker is able to access system files outside of the root directory via the ../ characters in the POST parameters used to build a path where the chunks are stored and assembled temporarily. The vulnerability can be exploited b...