EUVD-2021-31837

Malicious code in bioql PyPI...

EUVD-2023-52423

Malicious code in bioql PyPI...

EUVD-2023-2567

Malicious code in bioql PyPI...

EUVD-2024-22396

Malicious code in bioql PyPI...

nightmare

This repository is an introduction to binary exploitation and reverse engineering course based on CTF challenges, called "Nightmare". It contains a large amount of content, with over 90 challenges, laid out in a linear fashion, and well-documented write-ups explaining how to go from being handed...

PT-2025-36945

Name of the Vulnerable Software and Affected Versions: Halo versions prior to 2.20.13 Description: Halo versions prior to 2.20.13 allow bypassing file type detection, enabling the upload of malicious files, including .exe and .html files. Uploading .html files can trigger stored cross-site...

CVE-2025-54460

The vulnerability, if exploited, could allow an authenticated miscreant with privileges to create or access publication targets of type Text File or HDFS to upload and persist files that could potentially be executed...

PT-2025-34294 · Apache · Hdfs

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: The vulnerability could allow an authenticated attacker with privileges to create or access publication targets of type Text File or HDFS to upload and persist files that could potentially be...

Linux Distros Unpatched Vulnerability : CVE-2019-1010023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The...

Vulnerability of the main and fileman modules of the 1C-Bitrix website management system: Website management that allows attackers to gain unauthorized access to configuration and executable files

Vulnerability of the main and fileman modules of the 1C-Bitrix website management system: Website management involves insecure handling of privileges. Exploiting this vulnerability can allow an attacker to gain unauthorized access to configuration and executable files...

CVE-2024-39752

IBM Analytics Content Hub 2.0–2.3 includes a vulnerability where uploaded files are not validated by type in Explore Content, enabling potential malicious executable uploads. The issue is documented with a high-severity CVSS indicating impact on confidentiality, integrity, and availability. Remed...

CVE-2024-39752 IBM Analytics Content Hub file upload

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

CVE-2024-39752 IBM Analytics Content Hub file upload

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

CVE-2024-43199

Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user...

CVE-2024-25020

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further...

CVE-2024-25019

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing...

CVE-2023-0351

The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. This could allow an attacker to upload files with executable command instructions...

CVE-2022-29281

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

CVE-2020-25406

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files...

CVE-2020-11544

An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via addcars.php. There are no upload restrictions f...