![]() ![]() ![]() This issue affects some unknown processing of the file documents.php. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.Ī vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. There are no known workarounds for this vulnerability.Ī vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This issue has been addressed in version 6.8.29. When this file is uploaded, the JavaScript code within the filename is executed. ![]() For instance, using a filename such as “>.jpg” triggers the vulnerability. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. ![]() Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. Group-Office is an enterprise CRM and groupware tool. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator. StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |