43 matches found
Beijing Baichuo Smart S210 Management Platform Code Issue Vulnerability
Beijing Baichuo Smart S210 Management Platform is a multi-service security gateway intelligent management platform from Beijing Baichuo, China. A code issue exists in Beijing Baichuo Smart S210 Management Platform version 20240117 and prior versions, where an incorrect operation of the parameter...
CVE-2023-6353 Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass
Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter...
D-Link DAR-7000 Code Issue Vulnerability
D-Link DAR-7000 is an Internet Behavior Audit Gateway from China Youxun D-Link. A code issue vulnerability exists in the D-Link DAR-7000 and DAR-8000, which stems from an arbitrary file upload vulnerability in the parameter fileupload of file/useratte/web...
PT-2023-25519 · Typecho · Typecho
Name of the Vulnerable Software and Affected Versions: typecho version 1.2.1 Description: A File Upload issue allows a remote attacker to execute arbitrary code via the upload and options-general parameters in "index.php". Recommendations: For typecho version 1.2.1, as a temporary workaround,...
CVE-2020-22153
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function...
CVE-2020-22153
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function...
PT-2023-11544 · Ebcms · Ebcms
Name of the Vulnerable Software and Affected Versions: ebCMS version 1.1.0 Description: The issue allows a remote attacker to execute arbitrary code via the upload type parameter. This enables the attacker to potentially gain control over the system, leading to unauthorized access and malicious...
SUSE CVE-2007-2450
Multiple cross-site scripting XSS vulnerabilities in the 1 Manager and 2 Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script o...
CVE-2022-4153
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak...
WordPress Plugin Contest Gallery SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Barco Control Room 跨站脚本漏洞
Barco Control Room is a visualization and collaboration solution from Barco Belgium. Used to build control rooms, a cross-site scripting vulnerability exists in the Barco Control Room Management Suite web application prior to version 3.14. The vulnerability stems from the...
CVE-2022-30508
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter...
CVE-2021-42645
CMSimpleXH 1.7.4 is affected by a remote code execution RCE vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host...
ONLYOFFICE Document Server Path Traversal Vulnerability
Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations, among others. A path traversal vulnerability exists in ONLYOFFICE Document Server, which stems from th...
ONLYOFFICE Document Server 路径遍历漏洞
Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations, among others. A path traversal vulnerability exists in ONLYOFFICE Document Server, which stems from th...
The vulnerability in the scripts beatsUploader.php, photoUploader.php, and editAccount.php of the ClipBucket video content management system allows a hacker to upload malicious files to the server.
The vulnerability of the ClipBucket video content management system’s scripts beatUploader.php, photoUploader.php, and editAccount.php can be exploited. Exploiting this vulnerability allows a malicious actor to upload malicious files to the server using parameters like name for beatUploader.php a...
CVE-2018-6194
A cross-site scripting XSS vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php...
CVE-2018-5376
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpupload.php op parameter...
CVE-2013-0136
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service file deletion or renaming via 1 the uploadPath parameter...
tomcat host manager XSS
Multiple cross-site scripting XSS vulnerabilities in the 1 Manager and 2 Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script o...