Joomla JCE (CVE-2012-2902)

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension. Registered as CVE-2012-2902 Pyxsoft solution Multiple exploits combine the JCE vulnerability with Multipart…

Multipart Strict Error

Users upload data. No matter what web application they are using, most of them needs data to be uploaded. Normally users upload images, text files, documents, pdf and more. To upload a file, web browsers send to the server a request known as “Multipart Form”. Multipart form have a specific format defined in RFC 2388…

WordPress load-scripts DoS vulnerability

WordPress Vulnerability CVE-2018-6389 February, 5th, 2017. A new WordPress vulnerability was discovered by Israeli researcher Barak Tawily. According to the official WordPress website, 29% of the existing websites use this platform and, therefore, are affected by this vulnerability. The problem lies upon the load-scripts.php file, which purpose is to retrieve several Javascript packages through one…