150 matches found
CVE-2021-43620
An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::fromptr on a pointer to the string buffer, the string ...
Rust 安全漏洞
A security vulnerability exists in Mozilla Rust, a general-purpose, compiled programming language from the Mozilla Foundation. The vulnerability stems from the fact that security-related validation of file extensions may be compromised. The NSString method used to convert to a string may return...
Tobesoft NEXACRO14 安全漏洞
Tobesoft NEXACRO14 is a BUX platform from Tobesoft Korea, developed as a JavaScript-based stand-alone framework to accommodate the company's various development needs. Applications developed using the Nexacro platform require no additional development to achieve the same functionality across a wi...
CVE-2021-37334
Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a...
CVE-2021-24347 SP Project & Document Manager <2 4.22 - Authenticated Shell Upload
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be...
CVE-2020-13774
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations ...
Unrestricted file upload
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations ...
IBM Data Risk Manager Arbitrary File Upload Vulnerability
IBM Data Risk Manager is a data risk manager that helps discover, analyze and visualize business risks associated with data. An arbitrary file upload vulnerability exists in IBM Data Risk Manager 2.0.6. The vulnerability stems from improper validation of file extensions. A remote attacker could...
CVE-2020-4620
IBM Data Risk Manager iDNA 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could all...
Design/Logic Flaw
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
Mara CMS 7.5 Remote Code Execution
Exploit Title: Mara CMS 7.5 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Michele Cisternino 0blio Vendor Homepage: https://sourceforge.net/projects/maracms/ Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download Version: 7.5...
Raonwiz K Upload Injection Vulnerability
Raonwiz K Upload is a file transfer component from the Korean company Raonwiz. A security vulnerability exists in Raonwiz K Upload 2018.0.2.50 and earlier versions that stems from a lack of validation of file extensions. An attacker can exploit the vulnerability to download and execute files...
Monstra CMS Code Issue Vulnerability
Monstra CMS is a lightweight PHP-based content management system MS by Ukrainian software developer Sergey Romanenko. A security vulnerability exists in the index.php script in Monstra CMS version 3.0.4, which originates from the program's failure to properly validate file extensions. The...
PT-2020-3996 · Unknown · Responsive Filemanager
Name of the Vulnerable Software and Affected Versions: Responsive Filemanager versions through 9.14.0 Description: An issue was discovered in the ajax calls.php file, specifically in the save img action, where the name parameter lacks validation of the sent extension. This allows for the executio...
DotNetNuke 9.5 - File Upload Restrictions Bypass
DotNetNuke 9.5 - File Upload Restrictions Bypass Exploit Title: DotNetNuke 9.5 - File Upload Restrictions Bypass Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link:...
CVE-2019-20183
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...
Design/Logic Flaw
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...
CVE-2019-20183
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...
CVE-2019-20183
CVE-2019-20183 affects the Simple Employee Records System 1.0. The vulnerability is an arbitrary file upload flaw in uploadimage.php caused by client-side validation of file extensions, allowing an attacker to upload executable PHP code by bypassing validation (e.g., via modifying global.js). Thi...
Security Bulletin: FileNet Workplace XT can be affected by the File Extension validation vulnerability (CVE-2016-8921)
Summary FileNet Workplace XT is vulnerable to the File Extension validation bypass which allows malicious content to be uploaded to the FileNet P8 server Vulnerability Details CVEID: CVE-2016-8921 DESCRIPTION: IBM FileNet Workplace XT could allow a remote attacker to upload arbitrary files, which...