Latest Security News about unrestricted file upload

Unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

  Overview : An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application. CVE-2020-8639 [...]

Umbraco CMS 8.5.3 allows an authenticated file upload

  Overview : Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality. Umbraco CMS 8.5.3 - Authenticated FileUpload PoC Attack Type: File Upload Product Version: 8.5.3 OWASP Category: Unrestricted File Upload Solution: Add package integrity mechanisms and/or file extension whitelist/blacklist filtering Summary: Umbraco CMS 8.5.3 allows [...]

Vtiger CRM <= 6.3 Authenticated Remote Code Execution

Overview : Vtiger CRM version 6.3 (“Open Source” branch; released on 2015-06-04) and lower are vulnerable to Authenticated Remote Code Execution. Affected Product(s) : vTiger CRM 6.3.0 Vulnerability Details : CVE ID : CVE-2015-600 Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to […]

ArcSight Logger Security Vulnerability

Overview : ‘External Task is undefined’ & ‘Syntax error’ errors appear on the browser console after a Logger report query object is created (new/modify) using the IE browser. Reports with lengthy names (> 60 characters) emailed via SMTP server are attached with an incorrect filename and extension. Affected Product(s) : ArcSight Logger 6.71 Vulnerability Details : […]

Apache HTTP Server 2.4 vulnerabilities

Overview : In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. CVE-2020-1927 Apache HTTP Server 2.4 vulnerabilities This page lists all security vulnerabilities fixed in released versions [...]