ECOA BAS controller arbitrary file upload vulnerability

ECOA BAS controller is a BAS controller developed by Ecoa Technologies Corp in Taiwan, China. ECOA BAS controller is vulnerable to arbitrary file uploads, which can be exploited to send specially crafted URL requests to the /upload URI with the file name and rbt parameters containing The "dot"...

CVE-2018-10469

b3log Symphony aka Sym 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name parameter to the /upload URI...