10 matches found
CVE-2024-38492 Symantec Privileged Access Manager Remote Command Execution vulnerability
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file...
CVE-2023-34855
A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment Shanghai Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi...
phpPgAdmin 7.13.0 Command Execution
Exploit Title: phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated) Date: 29/03/2021 Exploit Author: Valerio Severini Vendor Homepage: Software Link: https://github.com/phppgadmin/phppgadmin/releases/tag/REL7-13-0 Version: 7.13.0 or lower Tested on: Debian 10 and Ubuntu...
CVE-2020-14166
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by uploading an HTML file...
CVE-2020-5286
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5...
Remote code execution
Pydio version 8.2.1 and prior contains an unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in an attacker gaining admin access and can then execute arbitrary commands on the...
arxius: XSS in content type header when uploading file.
Hello. First of all I wish you good luck securing your site, as far as I can tell, your site is secured, and this bug is minor. It affects the content type header, when a file with an invalid content-type is uploaded, the value of the content-type file header is echoed back without any filtering...
Spitfire CMS 1.1.4 - Cross-Site Request Forgery
Exploit Title: spitefire CMS - CSRF / ADD / EDTI / UPLOAD FILE Date: 2013 15 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://spitfire.clausmuus.de/ Tested on: Linux & Windows, PHP 5.2.9 Affected...
CVE-2012-5610
Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a specially crafted name...
VMSA-2009-0011: VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0
VMSA-2009-0011 VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2.0. VMware Security Advisory. Advisory ID: VMSA-2009-0011. Synopsis: VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2...