416 matches found
CVE-2023-52044
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution RCE as there is no restriction for uploading files with the .php8 extension...
CVE-2024-50344
I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context...
PT-2024-6521 · Rockwell Automation · Rockwell Automation Pavilion8
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Pavilion8 affected versions not specified Description: A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could...
There is a file uploading vulnerability in Jiangsu Wave Information Consulting Company Limited's state-owned capital supervision informatization platform
Jiangsu Wave Information Consulting Co., Ltd. is an ERP senior industry consultants, deep technical background and industry experience, innovation, "integrity management, adhering to the advanced, deep technology" as the goal of the IT company. Jiangsu Wave Information Consulting Co., Ltd...
CVE-2024-40482
CVE-2024-40482 affects Kashipara Live Membership System v1.0. An unrestricted file upload in "/Membership/edit_member.php" enables attackers to upload a crafted PHP file and achieve arbitrary code execution. The CVSS basis is 9.8 (CRITICAL): Network access, no authentication, low attack complexit...
CVE-2024-37900 XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a...
[SECURITY] Fedora 40 Update: curl-8.6.0-9.fc40
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2024-38492 Symantec Privileged Access Manager Remote Command Execution vulnerability
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file...
Mini-Tmall Security Breach
Mini-Tmall is a Spring Boot based mini-Tmall mall, fast deployment and running, suitable for use as a Bijou template. A security vulnerability exists in Mini-Tmall version v2024.07.03. An attacker can exploit the vulnerability to upload arbitrary files via the component uploadUserHeadImage...
CVE-2024-36919
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spinlockbh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as...
PT-2024-35135 · WordPress · Postx
Name of the Vulnerable Software and Affected Versions: PostX plugin for WordPress versions up to, and including, 4.1.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's file uploading feature due to insufficient input sanitization and output escaping. This allows...
[SECURITY] Fedora 39 Update: curl-8.2.1-5.fc39
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
[SECURITY] Fedora 40 Update: curl-8.6.0-8.fc40
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 Simple Python code to check for arbitrary upload...
Invision Community 4.7.16 Remote Code Execution Vulnerability
------------------------------------------------------------------------------ Invision Community = 4.7.16 toolbar.php Remote Code Execution Vulnerability ------------------------------------------------------------------------------ - Software Link: https://invisioncommunity.com - Affected...
CVE-2024-1148
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files...
CVE-2024-1148
OpenText PVCS Version Manager contains weak access control that could bypass authentication and allow arbitrary file uploads. CVSS 3.1 base score 9.8 (CRITICAL) with network access, no user interaction required. Affected: PVCS Version Manager (OpenText). Root cause: weak access control enabling a...
IBM Operational Decision Manager Code Issue Vulnerability
IBM Operational Decision Manager is a decision management solution from International Business Machines IBM used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a code issue vulnerability that originates from the ability ...
CVE-2022-42443
An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535...
CVE-2022-42443
The CVE-2022-42443 issue affects IBM Trusteer Mobile SDKs: Trusteer iOS SDK prior to 5.7 and Trusteer Android SDK prior to 5.7. The vulnerability, described as an undisclosed issue that may allow file uploads, is supported by IBM Security Bulletin and corroborating entries in Red Hat, CVE listing...