Gradio Code Issue Vulnerability
Gradio is an open source Python library for demonstrating machine learning models through a friendly web interface. A security vulnerability exists in Gradio version v3.27.0, which stems from an arbitrary file upload vulnerability in the /upload interface...
CVE-2023-41626
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface...
PT-2023-28006 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio version 3.27.0 Description: The issue is related to an arbitrary file upload vulnerability. This vulnerability can be exploited via the "/upload" interface. Recommendations: For Gradio version 3.27.0, consider disabling the /upload...
CVE-2020-24113
Directory traversal vulnerability in the Contacts File Upload Interface in Yealink W60B version 77.83.0.85 allows attackers to gain sensitive information and cause a denial of service (DoS)...
CVE-2023-34660
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface...
jjeecg-boot Code Issue Vulnerability
JEECG jjeecg-boot is a low-code development platform based on a code generator from JEECG. A security vulnerability exists in jjeecg-boot version V3.5.0, which originates from an unauthorized arbitrary file upload issue in the /jeecg-boot/jmreport/upload interface...
D-Link DI-7500G-CI Cross-Site Scripting Vulnerability
The D-Link DI-7500G-CI is an Internet Behavior Management router from China-based D-Link. A security vulnerability exists in the D-Link DI-7500G-CI-19.05.29A, which can be exploited to execute arbitrary code via the /authpic.cgi file upload interface in the route management interface...
CVE-2022-24651
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...
CVE-2022-24652
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution in /admin/upload/upload...
Tensent SentCMS Code Issue Vulnerability
Tensent SentCMS is a simple and easy-to-use website management system from Tensent, China. A security vulnerability exists in Tensent SentCMS version 4.0.x. The vulnerability stems from a lack of validation of uploaded files in the file upload interface of the /admin/upload/upload php code in the...
CVE-2020-19672
CVE-2020-19672 affects Niushop B2B2C Multi-business basic version V1.11. The vulnerability allows bypassing the administrator to access the background upload interface, exploiting an upload parameter to bypass getimagesize and upload a PHP file, leading to getshell. This is what the provided docu...
CVE-2020-11960
Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking the backup file in the cupload interface, which lets an attacker extract a malicious file under any location in /tmp, leading to possible RCE and DoS...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A...
CVE-2019-17376
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521)...
CVE-2019-17376
CVE-2019-17376 affects cPanel prior to 82.0.15, where the SSL Certificate Upload interface is vulnerable to self-XSS due to insufficient validation in client-side data handling. Multiple sources confirm the flaw exists in the SSL Certificate Upload feature and is tied to versions older than 82.0....
cPanel cross-site scripting vulnerability (CNVD-2019-27021)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the alias upload interface in versions prior to cPanel 60.0.25. The vulnerability...
CVE-2016-10784
cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184)...
CVE-2018-20926
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380)...
CVE-2018-20925
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379)...