11 matches found
EUVD-2018-21958
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...
CVE-2018-25436 WordPress Plugin Baggage Freight Shipping Australia 0.1.0 Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...
CVE-2018-25436
The CVE concerns the WordPress plugin Baggage Freight Shipping Australia version 0.1.0, where an unrestricted file upload vulnerability exists via the upload-package.php endpoint. Unauthenticated attackers can submit POST requests with malicious file extensions, and the handler moves files to the...
MAL-2025-37923 Malicious code in upload_package (npm)
The package uploadpackage was found to contain malicious code...
MAL-2025-1690 Malicious code in @kamotive/api-file-upload (npm)
--- -= Per source details. Do not edit below this line.=-...
Exploit for CVE-2024-22263
CVE-2024-22263Scanner For Ethical Usage only, Any harmful or...
Malicious code in ba-upload (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-22263
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...
CVE-2022-2528
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages...
Malicious code in @md-fe/antd-upload (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b542149e81bea611059ed8fa1900541987c8fcea126948c3ef6b31c986161ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2019-11198
Multiple cross-site scripting XSS vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 300583 - List Manager Dashboard module, 2 307638 - Campaign Creator module, 3 316994 - Attributes field, 4 I316995 - Icon Selection module, 5...