CVE-2011-5077

Unrestricted file upload vulnerability in attachement.php in HDWiki 5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in image directory...

CVE-2005-4423

Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell."...

Ovidentia 代码问题漏洞

Ovidentia is an open source content management system and collaboration platform based on PHP and MySQL from the French team Cantico, which can be used for publishing and managing projects, publication and article management, schedule sharing, and more. A security vulnerability exists in Ovidenti...

Reservation Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Reservation Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 ...

BIT-ABANTECART-2022-26521

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the CatalogMedia ManagerImages settings can be changed by an administrator e.g., by configuring .php to be a valid image file type...

BACKCLICK 路径遍历漏洞

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63 that stems from improper validation or cleanup of uploaded filenames, where an...

CVE-2022-26149

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator...

CVE-2022-26149

MODX Revolution up to version 2.8.3-pl is affected by an authenticated RCE: an admin can upload an executable file by abusing the Uploadable File Types setting, then execute code via the Media Browser. Exploitation details and proof-of-concept scripts are present in public advisories (e.g., Explo...

FUSE - A Penetration Testing Tool For Finding File Upload Bugs

FUSE is a penetration testing system designed to identify Unrestricted Executable File Upload UEFU vulnerabilities. The details of the testing strategy is in our paper, "FUSE: Finding File Upload Bugs via Penetration Testing", which appeared in NDSS 2020. To see how to configure and execute FUSE,...

CVE-2020-25406

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files...

Lemocms Code Issues Vulnerabilities

Lemocms is a backend administration site builder developed by Lemocms Community based on ThinkPhp. A security vulnerability exists in lemocms version 1.8.x. The vulnerability stems from allowing users to upload files to upload executable files in appadmincontrollersysUploads.php...

CVE-2020-4588

IBM i2 iBase 8.9.13 is vulnerable to unrestricted file upload, allowing uploaded executables to be run, potentially causing code execution on a victim. IBM’s Security Bulletin confirms the fix in iBase 9 and advises upgrading to a version that includes the fix. Affected product/version: IBM i2 iB...

Path traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of SoundUploadServlet which may lead to uploading executable files to non-specified directories...

TestLink File Upload Vulnerability

TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A file upload vulnerability exists in the keywordImport.php file in TestLink version 1.9.20. A remote attacker can exploit this vulnerability by uploading a file with an...

Unspecified Vulnerability in IBM Planning Analytics

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in My Account Portal in IBM Planning Analytics version 2.0. An...

CVE-2019-15751

An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file containing PHP code to execute operating system commands...

CVE-2014-0607

Unrestricted file upload vulnerability in Attachmate Verastream Process Designer VPD before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file...

CVE-2013-6810

The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition CMCNE, HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file...

Code injection

The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition CMCNE, HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file...

CVE-2011-5069

Unrestricted file upload vulnerability in incidentattachments.php in Support Incident Tracker aka SiT! 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory, a...