ZDNet

Academics find 30 file upload vulnerabilities in 23 web apps, CMSes, and forums

Through the use of an automated testing toolkit, a team of South Korean academics has discovered 30 vulnerabilities in the file upload mechanisms used by 23 open-source web applications, forums, store ...
Threat Post

Thousands of Applications Vulnerable to RCE via jQuery File Upload

The flaw has existed for eight years thanks to a security change in Apache. A widely used plugin by Blueimp called jQuery File Upload contains a years-old vulnerability that potentially places 7,800 ...
Computer Weekly

File upload security best practices: Block a malicious file upload

We need to allow our customers to upload files for one of our Web applications. What are the security implications of allowing users to upload files on our website? The ability to upload files on a ...
Computerworld

Application security vulnerabilities in Web.config files, part 1

SPI Dynamics – These days, the biggest threat to an organization’s network security comes from its public Web site and the Web-based applications found there. Unlike internal-only network services ...
Searchenginejournal.com

Contact Form 7 Vulnerability in +5 Million Sites

A vulnerability has been discovered in Contact Form 7 that allows an attacker to upload malicious scripts. The publishers of Contact Form 7 have released an update to fix the vulnerability. An ...
SecurityWeek

CISA Warns of Exploited DELMIA Factory Software Vulnerabilities

Now, CISA says that both issues have been exploited in the wild, by adding them to its Known Exploited Vulnerabilities (KEV) ...
Threat Post

Riverbed Patches Vulnerabilities in Application Monitoring Portal

Riverbed Technology, whose products are used by most of the Global 500, patched vulnerabilities in its SteelCentral Portal used for critical application performance monitoring. Riverbed Technology has ...