Trend Micro Apex One 安全漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro. A security vulnerability exists in Trend Micro Apex One that originates from allowing a pre-authenticated remote attacker to upload malicious code and execute commands...

Trend Micro Apex One 安全漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro. A security vulnerability exists in Trend Micro Apex One that originates from allowing a pre-authenticated remote attacker to upload malicious code and execute commands...

CVE-2025-40633 Stored Cross-Site Scripting (XSS) in Koibox

A Stored Cross-Site Scripting XSS vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an authenticated attacker to upload an image containing malicious JavaScript code as profile picture in the '/es/dashboard/clientes/ficha/' endpoint...

CVE-2024-28166

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...

CVE-2024-28166

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...

SAP BusinessObjects Business Intelligence Platform 代码问题漏洞

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and quickly and...

CVE-2023-24530

SAP BusinessObjects Business Intelligence Platform CMC - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the...

Remote Code Execution

drupal/core is vulnerable to remote code execution. A remote attacker is able to bypass protections provided in sanitizeName function because the filenames with .htaccess extension are not properly sanitized, which allows the attacker to upload and execute malicious code on the system under attac...

uniview ISC2500-S 代码问题漏洞

The uniview ISC2500-S is a network device from the Chinese company uniview. It is a network DVR. A security vulnerability exists in the uniview ISC2500-S, which can be exploited by attackers to upload malicious code via Interface DevManage EC.php...

CVE-2021-27817

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix...

CVE-2019-7589 Kantech EntraPass Improper Input Validation

A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and...

ATutor 2.2.1 - SQL Injection / Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ATutor 2.2.1 SQL Injection / Remote Code Execution', 'Description' = %q This module exploits a SQL Injection vulnerability and an...

ADVISORY: ASPDOTNETSTOREFRONT Improper Upload Validation

ASPDOTNETSTOREFRONT Improper Upload Validation Release Date: June 9, 2004 Severity: HIGH Vendor: AspDotNetStorefront.com A Division of Discovery Productions, Inc. Software: Tested on AspDotNetStorefront 3.3 Previous versions may also be affected. Remote: Remotely executed from any web browser...