ZDNet

Academics find 30 file upload vulnerabilities in 23 web apps, CMSes, and forums

Through the use of an automated testing toolkit, a team of South Korean academics has discovered 30 vulnerabilities in the file upload mechanisms used by 23 open-source web applications, forums, store ...
Threat Post

Thousands of Applications Vulnerable to RCE via jQuery File Upload

The flaw has existed for eight years thanks to a security change in Apache. A widely used plugin by Blueimp called jQuery File Upload contains a years-old vulnerability that potentially places 7,800 ...
CSOonline

SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability

The unrestricted file upload flaw is likely being exploited by an initial access broker to deploy JSP web shells that grant full access to servers and allow installing additional malware payloads.
Dark Reading

Test: Most Web Application Scanners Missed Nearly Half Of Vulnerabilities

Most Web application scanning tools miss vulnerabilities and generate false positives on their own public testing sites, according to a recent test of some of these products. Larry Suto, an ...