ZDNet

Zero-day in popular jQuery plugin actively exploited for at least three years

For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers, ZDNet has learned. The vulnerability ...
GitHub

cl0w5/rails-resumable-jquery-fileupload

The app has one model Course, which has_attached_file :upload. Once a Course has been created, the user is redirected to the upload action of CoursesController. The user can choose a local file to ...
Threat Post

Thousands of Applications Vulnerable to RCE via jQuery File Upload

The flaw has existed for eight years thanks to a security change in Apache. A widely used plugin by Blueimp called jQuery File Upload contains a years-old vulnerability that potentially places 7,800 ...
Bleeping Computer

jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew

jQuery File Upload has been vulnerable for eight years, since the Apache 2.3.9 release in 2010. The coding faux pas did not go unnoticed all this time, and the method for exploiting it has been shared ...
GitHub

CVE-2014-8739 - jQuery File Upload - Unrestricted File Upload

jQuery File Upload Plugin 6.4.4 contains an unrestricted file upload caused by lack of validation in server/php/UploadHandler.php, letting remote attackers execute arbitrary PHP code by uploading PHP ...
Houston Chronicle

Why Is jQuery Not Working on My Web Server?

JQuery is a JavaScript framework and library that adds CSS-like selectors, animations and handy functions to your Web programming arsenal. When jQuery scripts fail to work on your Web server, chances ...