Lucene search
K

208 matches found

OSV
OSV
added 2023/07/05 10:40 p.m.18 views

GHSA-JPGW-2R9M-8QFW Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox

Impact Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed...

8.1CVSS6.8AI score0.00692EPSS
Exploits1References10
Cvelist
Cvelist
added 2023/06/26 12:0 a.m.45 views

CVE-2023-33404

An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code...

9.8AI score0.25782EPSS
Exploits1References1
CVE
CVE
added 2023/06/06 6:3 p.m.82 views

CVE-2023-33977

Kiwi TCMS is affected by CVE-2023-33977 (stored XSS via unrestricted file upload) in versions prior to 12.4. The root cause is incomplete upload validation that can permit uploading potentially dangerous files, enabling arbitrary JavaScript execution in the browser. An additional issue involves N...

8.1CVSS6.8AI score0.0087EPSS
Exploits1References5Affected Software1
CNVD
CNVD
added 2023/05/29 12:0 a.m.22 views

PHPOK Arbitrary File Upload Vulnerability (CNVD-2023-43865)

PHPOK is an enterprise building system that supports expansion. PHPOK version 6.4.100 suffers from an arbitrary file upload vulnerability, which stems from admin.php?c=upload&f=zip&noCache=0.1683794968 lack of valid validation of the uploaded file. An attacker can exploit this vulnerability to...

8.8CVSS7.6AI score0.00694EPSS
Exploits1References1
NVD
NVD
added 2023/05/27 4:15 a.m.18 views

CVE-2023-32686

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

8.1CVSS8AI score0.00431EPSS
Exploits0References2
Prion
Prion
added 2023/05/27 4:15 a.m.20 views

Input validation

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

4.9CVSS5.6AI score0.00431EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/05/22 7:39 p.m.48 views

GHSA-X7C2-7WVG-JPX7 kiwitcms vulnerable to stored XSS via unrestricted files upload

Impact Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded, see GHSA-fwcf-753v-fgcj and Content-Security-Policy definition to prevent...

5.4CVSS6.6AI score0.00431EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/05/22 12:0 a.m.6 views

PT-2023-23961

Name of the Vulnerable Software and Affected Versions Kiwi TCMS versions prior to 12.3 Description The issue arises from insufficient upload validation checks in Kiwi TCMS, allowing an attacker to upload potentially dangerous files. These files can be combined to circumvent the existing...

8.1CVSS6.9AI score0.00431EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2023/05/16 12:0 a.m.4 views

PT-2023-23492 · Unknown · Sourcecodester Online Computer/Laptop Store

Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Computer and Laptop Store version 1.0 Description: The issue allows unrestricted file upload, which can lead to remote code execution. The vulnerability path is "/classes/Users.php?f=save". Recommendations: For version...

9.8CVSS7.8AI score0.01519EPSS
Exploits1References4
OSV
OSV
added 2023/05/15 1:15 p.m.6 views

CVE-2022-4774

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution...

9.8CVSS5.9AI score0.01785EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/05/07 12:0 a.m.6 views

CVE-2023-31047

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However,...

9.5AI score0.0138EPSS
Exploits0References6
OSV
OSV
added 2023/05/02 8:15 a.m.5 views

CVE-2023-0924

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...

7.2CVSS7.2AI score0.00962EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/05/01 12:0 a.m.4 views

Apache StreamPark 代码问题漏洞

Apache StreamPark is a streaming media application development framework from the Apache Foundation. Apache StreamPark suffers from a code issue vulnerability that stems from allowing any user to upload a jar as an application, but not forcing validation of the uploaded file type, leading to the...

9.8CVSS8.6AI score0.01308EPSS
Exploits0References2
NVD
NVD
added 2023/04/24 5:15 p.m.38 views

CVE-2023-30613

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an .exe file or a file containing embedded...

9CVSS8.2AI score0.01024EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/24 12:0 a.m.6 views

PT-2023-22810

Name of the Vulnerable Software and Affected Versions Kiwi TCMS versions prior to 12.2 Description The issue allows users to upload attachments to test plans, test cases, etc., without control over the types of files that can be uploaded. A malicious actor may upload an .exe file or a file...

9CVSS7.2AI score0.01024EPSS
Exploits1References13
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.4 views

SAP Business Planning and Consolidation 代码问题漏洞

SAP Business Planning and Consolidation is a business planning and consolidation software from SAP, Germany. The software provides budgeting, forecasting, and financial consolidation capabilities. A code issue vulnerability exists in SAP Business Planning and Consolidation version 200, version 30...

5.4CVSS5.7AI score0.00345EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/03 7:31 p.m.9 views

CVE-2023-23937 Missing file upload type validation in pimcore/pimcore

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...

8.2CVSS8.3AI score0.00476EPSS
Exploits0References2
Prion
Prion
added 2023/01/23 3:15 p.m.24 views

Design/Logic Flaw

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from...

7.5CVSS9.5AI score0.02084EPSS
Exploits12References1Affected Software1
Cvelist
Cvelist
added 2023/01/23 2:48 p.m.24 views

CVE-2022-0316 Multiple themes - Unauthenticated Arbitrary File Upload

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from...

9.8AI score0.02084EPSS
Exploits12References1
OSV
OSV
added 2023/01/11 12:0 a.m.7 views

CVE-2022-0553 Possible to retrieve uncrypted firmware image

There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily...

6.5CVSS5.9AI score0.00282EPSS
Exploits1References3
Rows per page
Query Builder