36 matches found
EUVD-2019-9121
Malware in sbrugna...
EUVD-2022-3020
Malicious code in bioql PyPI...
EUVD-2024-49697
Malicious code in bioql PyPI...
WordPress URL Media Uploader plugin <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding vulnerability
Authenticated Author+ Server-Side Request Forgery via DNS Rebinding vulnerability discovered by ch4r0n in WordPress Plugin URL Media Uploader versions = 1.0.0...
CVE-2024-13720
The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gkyimageuploadermainfunction function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on...
CVE-2024-0864 RCE in Laragon
Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution RCE attack via an improper input validation in a fileupload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned...
GHSA-7JCX-J6GV-M4HF Jenkins Fortify on Demand Uploader Plugin CSRF vulnerability
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server...
GHSA-8G9W-5JV6-7M4X Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2022-27218
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
PT-2022-18306 · Jenkins · Jenkins Incapptic Connect Uploader Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins incapptic connect uploader Plugin versions 1.15 and earlier Description: The issue allows tokens to be stored unencrypted in job config.xml files on the Jenkins controller. These tokens can be viewed by users with Extended Read...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Frontend Uploader prior to version 1.3.2, which stems from the fact that the plugin does not prevent the uploading of HTML files, e.g., it allows unauthenticate...
CVE-2020-36079
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the FileselFinder portion of the UI. This can, for example, place a .php file i...
CVE-2020-36079
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the FileselFinder portion of the UI. This can, for example, place a .php file i...
Zenphoto CMS 1.5.7 Shell Upload Vulnerability
Authenticated arbitrary file upload to RCE Product : Zenphoto Affected : Zenphoto CMS - = 1.5.7 Attack Type : Remote login then go to plugins then go to uploader and press on the check box elFinder then press apply , after that you go to upload then FileselFinder drag and drop any malicious php...
Zenphoto Code Issue Vulnerability
Zenphoto is an open source content management system CMS for building multimedia websites. An arbitrary file upload vulnerability exists in Zenphoto 1.5.7 and earlier versions. An attacker can exploit this vulnerability by navigating to the uploader plugin, checking the elFinder box, and then...
Malicious Package in uploader-plugin
Version 1.0.2 of uploader-plugin contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...
GHSA-FX6F-FPFV-5HMC Malicious Package in uploader-plugin
Version 1.0.2 of uploader-plugin contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...
CloudBees Jenkins Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks. Fortify on Demand Uploader Plugin is used in which a plug-in for submitting...
CloudBees Jenkins SSRF Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks. Fortify on Demand Uploader Plugin is used in which a plug-in for submitting...
CVE-2019-1003046
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server...