Lucene search
K

43 matches found

CNNVD
CNNVD
added 2024/01/26 12:0 a.m.7 views

Beijing Baichuo Smart S210 Management Platform Code Issue Vulnerability

Beijing Baichuo Smart S210 Management Platform is a multi-service security gateway intelligent management platform from Beijing Baichuo, China. A code issue exists in Beijing Baichuo Smart S210 Management Platform version 20240117 and prior versions, where an incorrect operation of the parameter...

9.8CVSS7.1AI score0.43777EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/11/30 5:51 p.m.3 views

CVE-2023-6353 Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass

Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter...

5.3CVSS7.3AI score0.00991EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/09/25 12:0 a.m.4 views

D-Link DAR-7000 Code Issue Vulnerability

D-Link DAR-7000 is an Internet Behavior Audit Gateway from China Youxun D-Link. A code issue vulnerability exists in the D-Link DAR-7000 and DAR-8000, which stems from an arbitrary file upload vulnerability in the parameter fileupload of file/useratte/web...

8.8CVSS7.4AI score0.2283EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/08/03 12:0 a.m.3 views

PT-2023-25519 · Typecho · Typecho

Name of the Vulnerable Software and Affected Versions: typecho version 1.2.1 Description: A File Upload issue allows a remote attacker to execute arbitrary code via the upload and options-general parameters in "index.php". Recommendations: For typecho version 1.2.1, as a temporary workaround,...

8.8CVSS8.9AI score0.01435EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/07/03 12:0 a.m.9 views

CVE-2020-22153

File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function...

7.8AI score0.01453EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/03 12:0 a.m.29 views

CVE-2020-22153

File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function...

9.6AI score0.01453EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/06/20 12:0 a.m.3 views

PT-2023-11544 · Ebcms · Ebcms

Name of the Vulnerable Software and Affected Versions: ebCMS version 1.1.0 Description: The issue allows a remote attacker to execute arbitrary code via the upload type parameter. This enables the attacker to potentially gain control over the system, leading to unauthorized access and malicious...

8.8CVSS8.6AI score0.01263EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.3 views

SUSE CVE-2007-2450

Multiple cross-site scripting XSS vulnerabilities in the 1 Manager and 2 Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script o...

3.5CVSS5.9AI score0.03291EPSS
Exploits0References6
OSV
OSV
added 2022/12/26 1:15 p.m.5 views

CVE-2022-4153

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak...

6.5CVSS5.8AI score0.00854EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/12/26 12:0 a.m.6 views

WordPress Plugin Contest Gallery SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.5CVSS6.6AI score0.00854EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.3 views

Barco Control Room 跨站脚本漏洞

Barco Control Room is a visualization and collaboration solution from Barco Belgium. Used to build control rooms, a cross-site scripting vulnerability exists in the Barco Control Room Management Suite web application prior to version 3.14. The vulnerability stems from the...

6.1CVSS5.6AI score0.00525EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/05/26 6:15 p.m.3 views

CVE-2022-30508

DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter...

6.5CVSS6.7AI score0.01076EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/05/10 11:14 a.m.17 views

CVE-2021-42645

CMSimpleXH 1.7.4 is affected by a remote code execution RCE vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host...

10AI score0.04395EPSS
Exploits1References2
CNVD
CNVD
added 2021/02/01 12:0 a.m.7 views

ONLYOFFICE Document Server Path Traversal Vulnerability

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations, among others. A path traversal vulnerability exists in ONLYOFFICE Document Server, which stems from th...

9.8CVSS6.7AI score0.08215EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/01/26 12:0 a.m.6 views

ONLYOFFICE Document Server 路径遍历漏洞

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations, among others. A path traversal vulnerability exists in ONLYOFFICE Document Server, which stems from th...

9.8CVSS7.3AI score0.08215EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2018/04/19 12:0 a.m.6 views

The vulnerability in the scripts beatsUploader.php, photoUploader.php, and editAccount.php of the ClipBucket video content management system allows a hacker to upload malicious files to the server.

The vulnerability of the ClipBucket video content management system’s scripts beatUploader.php, photoUploader.php, and editAccount.php can be exploited. Exploiting this vulnerability allows a malicious actor to upload malicious files to the server using parameters like name for beatUploader.php a...

10CVSS5.5AI score0.16414EPSS
Exploits2References3
OSV
OSV
added 2018/01/30 8:29 p.m.4 views

CVE-2018-6194

A cross-site scripting XSS vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php...

4.8CVSS5.8AI score0.01048EPSS
Exploits2References4
OSV
OSV
added 2018/01/12 9:29 a.m.5 views

CVE-2018-5376

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpupload.php op parameter...

6.1CVSS5.8AI score0.00831EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2013/06/01 2:21 p.m.4 views

CVE-2013-0136

Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service file deletion or renaming via 1 the uploadPath parameter...

8.5CVSS6AI score0.40338EPSS
Exploits8References5
RedHat Linux
RedHat Linux
added 2008/06/30 3:33 p.m.6 views

tomcat host manager XSS

Multiple cross-site scripting XSS vulnerabilities in the 1 Manager and 2 Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script o...

3.5CVSS5.8AI score0.03291EPSS
Exploits0References4
Rows per page
Query Builder