6 matches found
CVE-2026-53909
MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...
CVE-2023-53909
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...
CVE-2025-53909 mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template
mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...
CVE-2024-53909
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...
CVE-2024-53909
creationtimestamp| type| source ---|---|--- 2024-11-24 20:58:56+00:00| seen| https://infosec.exchange/users/cve/statuses/113539936131325510 2024-11-24 21:02:01+00:00| seen| https://infosec.exchange/users/cve/statuses/113539948253257956 2024-12-11 05:00:00+00:00| seen|...
CVE-2024-53909
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...