Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server.
File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.
Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely.
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution
A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
Google Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headers, which has unknown impact and remote attack vectors.
Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string.
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)
A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form.
tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."
ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution.
In UrlQuerySanitizer, there is a possible improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-73822755
Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C. This issue affects root.
The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors.
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.
MediaCAST 8 and earlier allows remote attackers to have an unspecified impact via a (1) CP_RIGHTSOURCE or (2) bdclient_Inventive cookie to the default URI under inventivex/managetraining/, related to an "XML injection" issue.
The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.
In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.
The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information.
The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors.
The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue.
Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call.
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
The modify_resolvconf_suse script in the vpnc package before 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1 might allow remote attackers to execute arbitrary commands via a crafted DNS domain name.
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.
rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."
Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php.
Google Chrome before 11.0.696.57 allows remote attackers to bypass the Same Origin Policy via vectors involving blobs.
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
Google Chrome before 9.0.597.107 does not properly implement key frame rules, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create() function, where it deletes the hint. This issue is fixed in version 2.3.1.1.