Lucene search
K

150 matches found

OSV
OSV
added 2021/11/15 5:15 a.m.17 views

CVE-2021-43620

An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::fromptr on a pointer to the string buffer, the string ...

7.5CVSS6.5AI score
Exploits0References3
CNNVD
CNNVD
added 2021/11/15 12:0 a.m.4 views

Rust 安全漏洞

A security vulnerability exists in Mozilla Rust, a general-purpose, compiled programming language from the Mozilla Foundation. The vulnerability stems from the fact that security-related validation of file extensions may be compromised. The NSString method used to convert to a string may return...

7.5CVSS5.5AI score0.01314EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/09/09 12:0 a.m.5 views

Tobesoft NEXACRO14 安全漏洞

Tobesoft NEXACRO14 is a BUX platform from Tobesoft Korea, developed as a JavaScript-based stand-alone framework to accommodate the company's various development needs. Applications developed using the Nexacro platform require no additional development to achieve the same functionality across a wi...

8.8CVSS8.2AI score0.00584EPSS
Exploits0References1
NVD
NVD
added 2021/08/25 10:15 p.m.23 views

CVE-2021-37334

Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a...

9.8CVSS0.02744EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/06/14 1:37 p.m.61 views

CVE-2021-24347 SP Project & Document Manager <2 4.22 - Authenticated Shell Upload

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be...

8.9AI score0.52007EPSS
Exploits8References3
OSV
OSV
added 2020/11/12 8:15 p.m.5 views

CVE-2020-13774

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations ...

9.9CVSS7.8AI score0.04747EPSS
Exploits0References1
Prion
Prion
added 2020/11/12 8:15 p.m.13 views

Unrestricted file upload

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations ...

9CVSS9.4AI score0.04747EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/09/23 12:0 a.m.2 views

IBM Data Risk Manager Arbitrary File Upload Vulnerability

IBM Data Risk Manager is a data risk manager that helps discover, analyze and visualize business risks associated with data. An arbitrary file upload vulnerability exists in IBM Data Risk Manager 2.0.6. The vulnerability stems from improper validation of file extensions. A remote attacker could...

9CVSS9.7AI score0.05187EPSS
Exploits0References1
OSV
OSV
added 2020/09/22 2:15 p.m.1 views

CVE-2020-4620

IBM Data Risk Manager iDNA 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could all...

8.8CVSS7.6AI score0.05187EPSS
Exploits0References2
Prion
Prion
added 2020/09/21 8:15 p.m.13 views

Design/Logic Flaw

Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...

6.8CVSS8.8AI score0.01473EPSS
Exploits1References12Affected Software5
Packet Storm
Packet Storm
added 2020/09/01 12:0 a.m.240 views

Mara CMS 7.5 Remote Code Execution

Exploit Title: Mara CMS 7.5 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Michele Cisternino 0blio Vendor Homepage: https://sourceforge.net/projects/maracms/ Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download Version: 7.5...

0.1AI score
Exploits0
CNVD
CNVD
added 2020/07/13 12:0 a.m.3 views

Raonwiz K Upload Injection Vulnerability

Raonwiz K Upload is a file transfer component from the Korean company Raonwiz. A security vulnerability exists in Raonwiz K Upload 2018.0.2.50 and earlier versions that stems from a lack of validation of file extensions. An attacker can exploit the vulnerability to download and execute files...

9.8CVSS6.9AI score0.01151EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/25 12:0 a.m.3 views

Monstra CMS Code Issue Vulnerability

Monstra CMS is a lightweight PHP-based content management system MS by Ukrainian software developer Sergey Romanenko. A security vulnerability exists in the index.php script in Monstra CMS version 3.0.4, which originates from the program's failure to properly validate file extensions. The...

8.8CVSS9.1AI score0.02502EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/03/14 12:0 a.m.21 views

PT-2020-3996 · Unknown · Responsive Filemanager

Name of the Vulnerable Software and Affected Versions: Responsive Filemanager versions through 9.14.0 Description: An issue was discovered in the ajax calls.php file, specifically in the save img action, where the name parameter lacks validation of the sent extension. This allows for the executio...

9.8CVSS9.5AI score0.1929EPSS
Exploits5References7
exploitpack
exploitpack
added 2020/02/24 12:0 a.m.45 views

DotNetNuke 9.5 - File Upload Restrictions Bypass

DotNetNuke 9.5 - File Upload Restrictions Bypass Exploit Title: DotNetNuke 9.5 - File Upload Restrictions Bypass Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link:...

0.3AI score
Exploits0
NVD
NVD
added 2020/01/09 10:15 p.m.31 views

CVE-2019-20183

uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...

7.2CVSS7.2AI score0.07625EPSS
Exploits2References1
Prion
Prion
added 2020/01/09 10:15 p.m.21 views

Design/Logic Flaw

uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...

6.5CVSS7.1AI score0.07625EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2020/01/09 9:21 p.m.43 views

CVE-2019-20183

uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...

7.2AI score0.07625EPSS
Exploits2References1
CVE
CVE
added 2020/01/09 9:21 p.m.136 views

CVE-2019-20183

CVE-2019-20183 affects the Simple Employee Records System 1.0. The vulnerability is an arbitrary file upload flaw in uploadimage.php caused by client-side validation of file extensions, allowing an attacker to upload executable PHP code by bypassing validation (e.g., via modifying global.js). Thi...

7.2CVSS7.1AI score0.07625EPSS
Exploits2References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/08/30 7:48 a.m.19 views

Security Bulletin: FileNet Workplace XT can be affected by the File Extension validation vulnerability (CVE-2016-8921)

Summary FileNet Workplace XT is vulnerable to the File Extension validation bypass which allows malicious content to be uploaded to the FileNet P8 server Vulnerability Details CVEID: CVE-2016-8921 DESCRIPTION: IBM FileNet Workplace XT could allow a remote attacker to upload arbitrary files, which...

8.8CVSS0.5AI score0.02235EPSS
Exploits0Affected Software1
Rows per page
Query Builder