7 matches found
CVE-2023-6353
Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter...
Design/Logic Flaw
Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter...
PT-2023-32622 · Tyler Technologies · Tyler Technologies Civil/Criminal Electronic Filing
Name of the Vulnerable Software and Affected Versions: Tyler Technologies Civil and Criminal Electronic Filing (affected versions not specified). Description: The issue allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the 'enky' parameter in the Upload.asp...
PT-2023-26227 · Unknown · Chengdu Flash Flood Disaster Monitoring/Warning System
Name of the Vulnerable Software and Affected Versions: Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0. Description: A critical issue has been discovered, affecting the /App Resource/UEditor/server/upload.aspx file, where the manipulation of the file argument leads to...
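网站通 CMS FCKeditor Component File Upload Vulnerability
GoogleHack: inurl:second.aspx?nodeid= filetype:aspx. A quick search shows there are still quite a few. Admin console URL: /console/login.aspx. The FCK editor version (fckabout.html) is 2.4.1, which is vulnerable. The next step is to find the upload point: the few I tried did not exist, and access to the browser.html file is redirected; looking directly for FCK...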
CVE-2010-0716
Affected software: Microsoft SharePoint (Documents module). Vulnerability: Cross-site scripting via _layouts/Upload.aspx when uploading files (same-hostname/port used for primary files and attachments). Root cause: same-origin relationship leveraged to inject script in uploaded TXT files; requ...
CVE-2010-0716
_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and...