Design/Logic Flaw
handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field...
CVE-2020-11414
An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the...
DEBIAN-CVE-2019-16217
WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled...
CVE-2016-10756
Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself...
CVE-2019-9623
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "!--exec cmd=" in a .shtml file to ck_upload_handler.php...
Feng Office Arbitrary Code Execution Vulnerability
Feng Office is an open source online collaboration system built on the B/S (browser/server) architecture and developed in PHP. An arbitrary code execution vulnerability exists in Feng Office 3.7.0.5. A remote attacker can exploit this vulnerability by using the "!--exec cmd=" in the...
GHSA-MH7G-99W9-XPJM Remote code execution occurs in Apache Solr
Remote code execution occurs in Apache Solr before versions 5.5.5, 6.6.2 and 7.1.0 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...
CVE-2017-7351
A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload...
DEBIAN-CVE-2017-12629
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...
Pear HTTP_Upload 1.0.0b3 - arbitrary file upload
Vulnerability description Vulnerability impact: Pear HTTP_Upload 1.0.0b3 Download: https://pear.php.net/manual/en/package.http.http-upload.php Vulnerability type: arbitrary file upload Pear HTTP_Upload profile: Pear's HTTP_Upload class library provides a good package of HTML form file upload handle...
Wordpress plugin bordeaux theme upload shell vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An upload vulnerability exists in the WordPress plugin bordeaux theme, which can be exploited by an attacker ...
WordPress Curvo Themes - CSRF File Upload Vulnerability
No description provided by source. Exploit Title: WordPress Curvo Themes CSRF File Upload Vulnerability Author: Byakuya Date: 10/26/2013 Vendor...
Wordpress Highlight Premium Theme - CSRF File Upload Vulnerability
No description provided by source. Title : Wordpress Highlight Premium Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/10/2013 - 10 November 2013 Category : Web Applications Type : PHP Vendor : http://themeforest.net Download :...
WordPress Theme Kernel - Remote File Upload Vulnerability
No description provided by source. Exploit Title: WordPress themekernel-theme Themes Remote File Upload Vulnerability Author: iskorpitx Date: 6/11/2013 Vendor Homepage: http://www.wikmag.com/ Themes Link: http://themeforest.net/item/kernel-premium-wordpress-blog-magazine-theme-/857077 Infected...
WordPress The Cotton Theme Arbitrary File Upload Vulnerability
Bugtraq ID:65958 WordPress is a blogging platform developed in PHP; users can set up their own blogs on servers that support PHP and a MySQL database. WordPress The Cotton Theme does not properly filter user-submitted uploaded files, allowing a remote attacker to submit a crafted file and have it executed with web-server privileges. WordPress The Cotton Theme. No detailed solution is currently available: http://www.wordpress.org ?php $uploadfile="IeDb.php"; $ch =...
WordPress TheCotton Shell Upload
WordPress Theme Dandelion - Arbitrary File Upload
Exploit Title: Wordpress Dandelion Themes Arbitrary File Upload Google Dork: inurl:/wp-content/themes/dandelion/ Date: 31/01/2014 Exploit Author: TheBlackMonster Marouane Vendor Homepage: http://themeforest.net/item/dandelion-powerful-elegant-wordpress-theme/136628 Software Link: Not Available...
WordPress Theme Amplus - Cross-Site Request Forgery
Title : Wordpress Amplus Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Vendor : http://themeforest.net Download : http://themeforest.net/item/amplus-responsive-multilingual-wordpress-theme/ Greetz : 0day-id.c...
WordPress Dimension Cross Site Request Forgery
Title : Wordpress Dimension Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Vendor : http://themeforest.net Download : http://themeforest.net/item/dimension-retina-responsive-multipurpose-theme/ Greetz :...
WordPress Euclid Cross Site Request Forgery Vulnerability
WordPress Euclid theme suffers from a cross site request forgery vulnerability. Title : Wordpress Euclid V1 Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Version : 1.x.x Vendor : http://freelancewp.com Downlo...