
171 matches found

Positive Technologies
added 2023/12/17 12:00 a.m. · 3 views

PT-2023-32798 · Saysky · Sayski Forestblog

Name of the Vulnerable Software and Affected Versions: saysky ForestBlog up to 20220630

Description: A critical issue has been found in the Image Upload Handler component, affecting the /admin/upload/img file. The manipulation of the filename argument leads to unrestricted upload. This issue can ...

CVSS: 9.8 · AI score: 6.4 · EPSS: 0.00077
Exploits: 1 · References: 6

CNNVD
added 2023/09/20 12:00 a.m. · 1 view

D-LINK DWL-6610 Command Injection Vulnerability

The D-Link DWL-6610 is a wireless access point from D-Link. A security vulnerability exists in the D-LINK DWL-6610 due to a command injection vulnerability in the configuploadhandler function. An attacker can use this vulnerability to execute arbitrary commands via the configRestore parameter...

CVSS: 9.8 · AI score: 8.2 · EPSS: 0.01946
Exploits: 1 · References: 2

OSV
added 2023/09/18 5:15 a.m. · 1 view

CVE-2023-5034

A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. This vulnerability affects unknown code of the file index.php of the component Image Upload Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...

CVSS: 9.8 · AI score: 4.9
Exploits: 0 · References: 3

Prion
added 2023/09/18 5:15 a.m. · 9 views

Out-of-bounds

A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. This vulnerability affects unknown code of the file index.php of the component Image Upload Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...

CVSS: 6.5 · AI score: 9.5 · EPSS: 0.00068
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/07/11 5:15 p.m. · 2 views

CVE-2023-3623

A vulnerability was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230704. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Duty/AjaxHandle/UploadHandler.ashx of the component Duty Module. The...

CVSS: 9.8 · AI score: 5.4 · EPSS: 0.00114
Exploits: 1 · References: 3

CNNVD
added 2023/07/11 12:00 a.m. · 3 views

Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System Code Issue Vulnerability

Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System is a flash flood prevention monitoring and early warning system from Suncreate. The Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System is vulnerable to a code issue in the file...

CVSS: 9.8 · AI score: 6.9 · EPSS: 0.00114
Exploits: 1 · References: 4

Positive Technologies
added 2023/07/10 12:00 a.m. · 2 views

PT-2023-5381 · D Link · D-Link Dwl-6610Ap

Name of the Vulnerable Software and Affected Versions: D-LINK DWL-6610 version 4.3.0.8B003C

Description: The issue is related to a command injection vulnerability in the config upload handler function. This vulnerability allows attackers to execute arbitrary commands via the configRestore...

CVSS: 9.8 · AI score: 8.4 · EPSS: 0.01946
Exploits: 1 · References: 7

NVD
added 2023/05/27 9:15 a.m. · 10 views

CVE-2023-2926

A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00356
Exploits: 1 · References: 3

Prion
added 2023/05/27 9:15 a.m. · 15 views

Design/Logic Flaw

A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit...

CVSS: 5.5 · AI score: 6.5 · EPSS: 0.00356
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2023/05/27 9:00 a.m. · 14 views

CVE-2023-2926 SeaCMS Picture Upload member.php denial of service

A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit...

CVSS: 5.5 · AI score: 6.7 · EPSS: 0.00356
Exploits: 1 · References: 3

Positive Technologies
added 2023/05/27 12:00 a.m. · 3 views

PT-2023-22225 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 11.6

Description: A problematic issue affects the Picture Upload Handler component, specifically the file member.php, where the manipulation of the oldpic argument leads to denial of service. The attack can be initiated remotel...

CVSS: 6.5 · AI score: 7 · EPSS: 0.00356
Exploits: 1 · References: 6

NVD
added 2023/05/11 8:15 a.m. · 10 views

CVE-2023-2647

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utilityall.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

CVSS: 8.8 · AI score: 7.3 · EPSS: 0.13692
Exploits: 1 · References: 3

OSV
added 2023/05/11 8:15 a.m. · 1 view

CVE-2023-2647

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utilityall.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

CVSS: 8.8 · AI score: 6.3
Exploits: 0 · References: 3

Prion
added 2023/05/11 8:15 a.m. · 15 views

Command injection

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utilityall.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

CVSS: 6.5 · AI score: 8.9 · EPSS: 0.13692
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2023/05/11 7:31 a.m. · 158 views

CVE-2023-2647

Weaver E-Office 9.5 is affected by a command-injection vulnerability in the File Upload Handler, specifically the /webroot/inc/utility_all.php file. The issue allows remote exploitation and has been publicly disclosed. Multiple connected sources consistently identify the vulnerable component as t...

CVSS: 8.8 · AI score: 7.8 · EPSS: 0.13692
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/05/11 12:00 a.m. · 3 views

PT-2023-20660 · Unknown · Weaver E-Office

Name of the Vulnerable Software and Affected Versions: Weaver E-Office version 9.5

Description: A critical issue was found in the File Upload Handler component, specifically in the /webroot/inc/utility all.php file, which leads to command injection. This issue can be exploited remotely. The vendo...

CVSS: 8.8 · AI score: 6.9 · EPSS: 0.13692
Exploits: 1 · References: 5

Veracode
added 2023/04/10 4:35 a.m. · 19 views

Path Traversal

github.com/sjqzhang/go-fastdfs is vulnerable to Path Traversal. The vulnerability exists because the Upload function of fileserver.go does not properly check custom paths, which allows an attacker to access files outside the expected directory through the /group1/upload in the File Upload Handler...

CVSS: 9.8 · AI score: 8.8 · EPSS: 0.47312
Exploits: 1 · References: 5 · Affected Software: 1

OSV
added 2023/04/02 12:30 p.m. · 13 views

GHSA-XQ3X-GRRJ-FJ6X sjqzhang go-fastdfs vulnerable to path traversal

sjqzhang go-fastdfs up to 1.4.3 is vulnerable to path traversal in the function upload of the file /group1/upload of the component File Upload Handler. The attack may be launched remotely and the exploit has been disclosed to the public and may be used...

CVSS: 9.8 · AI score: 8.4 · EPSS: 0.47312
Exploits: 1 · References: 7

NVD
added 2023/04/02 11:15 a.m. · 6 views

CVE-2023-1800

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched...

CVSS: 9.8 · AI score: 7.8 · EPSS: 0.47312
Exploits: 1 · References: 3

OSV
added 2023/04/02 11:15 a.m. · 9 views

CVE-2023-1800

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched...

CVSS: 9.8 · AI score: 9.8
Exploits: 0 · References: 3