Lucene search
K

157 matches found

Positive Technologies
Positive Technologies
added 2024/04/21 12:0 a.m.5 views

PT-2024-6688 · Abb · Nexus Series +2

Name of the Vulnerable Software and Affected Versions: ABB ASPECT Enterprise versions through 3.08.01 ABB NEXUS Series versions through 3.08.01 ABB MATRIX Series versions through 3.08.01 Description: An improper input validation vulnerability exists in the uploadFile function within the...

10CVSS9.6AI score0.1901EPSS
Exploits4References21
NVD
NVD
added 2024/03/22 4:15 a.m.21 views

CVE-2024-29273

There is Stored Cross-Site Scripting XSS in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document...

6.1CVSS5AI score0.00366EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/03/22 12:0 a.m.7 views

CVE-2024-29273

There is Stored Cross-Site Scripting XSS in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document...

5.2AI score0.00366EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/03/22 12:0 a.m.23 views

CVE-2024-29273

There is Stored Cross-Site Scripting XSS in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document...

5.1AI score0.00366EPSS
Exploits1References1
CVE
CVE
added 2024/03/22 12:0 a.m.62 views

CVE-2024-29273

Affected software: dzzoffice 2.02.1 SC UTF8. Vulnerability: Stored XSS via an SVG payload uploaded to uploadfile/index.php, exploiting insufficient input filtering/escaping. Impact: could allow execution of arbitrary script in the victim’s browser (per CVE description; CVSS base 6.1, UI: Required...

6.1CVSS5.1AI score0.00366EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/02/27 1:15 a.m.4 views

CVE-2024-25166

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

6.1CVSS6.1AI score0.00549EPSS
Exploits0References1
NVD
NVD
added 2024/02/27 1:15 a.m.11 views

CVE-2024-25166

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

6.1CVSS7AI score0.00549EPSS
Exploits0References1
Prion
Prion
added 2024/02/27 1:15 a.m.21 views

Cross site scripting

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

7.2AI score0.00549EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/27 12:0 a.m.28 views

CVE-2024-25166

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

7.3AI score0.00549EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.6 views

71CMS Security Breach

71CMS is xiaocheng-keji open source a smart party building system. 71CMS v.1.0.0 version has a security vulnerability. Attackers use this vulnerability to execute arbitrary code via the uploadfile parameter in the controller.php file...

6.1CVSS7.7AI score0.00549EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/26 12:0 a.m.4 views

PT-2024-20794 · 71Cms · 71Cms

Name of the Vulnerable Software and Affected Versions: 71CMS version 1.0.0 Description: The issue allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file. This is a Cross Site Scripting vulnerability. Recommendations: For 71CMS version...

6.1CVSS6.9AI score0.00549EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2024/02/09 12:0 a.m.17 views

Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the uploadFile method. The issue...

7.2CVSS7.8AI score0.02089EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/09 12:0 a.m.6 views

PT-2024-14219 · Allegra · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this issue, the existing authentication...

7.2CVSS7.8AI score0.02089EPSS
Exploits0References5
NVD
NVD
added 2024/01/30 3:15 p.m.22 views

CVE-2024-1034

A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclose...

9.8CVSS7.9AI score0.00764EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/30 2:31 p.m.12 views

CVE-2024-1034 openBI File.php uploadFile unrestricted upload

A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclose...

7.5CVSS6.9AI score0.00764EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/30 12:0 a.m.2 views

openBI Security Vulnerabilities

openBI is a big data visualization solution from openBI Inc. A security vulnerability exists in openBI version 1.0.8, which stems from an unrestricted file upload in the uploadFile method of the /application/index/controller/File.php file...

9.8CVSS6.9AI score0.00764EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/01/30 12:0 a.m.6 views

PT-2024-16199 · Openbi · Openbi

Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8 Description: A critical vulnerability was found in openBI, affecting the uploadFile function of the file /application/index/controller/File.php. This leads to unrestricted upload and can be initiated remotely. The...

9.8CVSS7.3AI score0.00764EPSS
Exploits0References8
OSV
OSV
added 2024/01/26 7:15 p.m.5 views

CVE-2024-0939

A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument fileupload leads to unrestricted upload. The attack can be initiated...

9.8CVSS5.4AI score0.43777EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.10 views

PT-2024-15924 · Beijing Baichuo · Beijing Baichuo Smart S210 Management Platform

Name of the Vulnerable Software and Affected Versions: Beijing Baichuo Smart S210 Management Platform versions up to 20240117 Description: A critical vulnerability has been found in the Beijing Baichuo Smart S210 Management Platform. The issue affects the file /Tool/uploadfile.php, where the...

9.8CVSS6.5AI score0.43777EPSS
Exploits1References8
Cvelist
Cvelist
added 2023/12/24 9:0 p.m.32 views

CVE-2023-7091 Dreamer CMS uploadFile unrestricted upload

A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to...

6.5CVSS8.9AI score0.00885EPSS
Exploits1References3
Rows per page
Query Builder