1015 matches found
Scout security vulnerability
Scout is an open source platform from Clinical Genomics for analyzing VCFs and being able to aid collaborations to solve rare diseases faster. A security vulnerability exists in Scout versions prior to 4.89 that stems from a lack of filename cleanup and can bypass expected file extensions and all...
CVE-2024-46441
CVE-2024-46441 affects YPay 1.2.0. The vulnerability arises from an arbitrary file upload where ZIP archives are processed by themePutFile (app/common/util/Upload.php) called from app/admin/controller/ypay/Home.php, with the uncompressed file extension not being checked. Impact stated is arbitrar...
CVE-2024-46441
An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php called from app/admin/controller/ypay/Home.php. The file extension of an uncompressed file is not checked...
The vulnerability of the file_extension() function in the file.c component of the HTMLDOC document conversion tool allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failure.
The vulnerability of the file_extension() function in the file.c component of the HTMLDOC document conversion tool is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...
Microsoft Windows Internet Explorer File Extension Spoofing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet...
CVE-2024-8338
A vulnerability was found in HFO4 shudong-share 2.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /includes/fileReceive.php of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. Th...
CVE-2024-8338
CVE-2024-8338 affects HFO4 shudong-share 2.4.7. The vulnerability is in /includes/fileReceive.php of the File Extension Handler, where manipulating the file argument enables unrestricted remote upload. The exploit has been disclosed publicly and, per sources, this issue affects products no longer...
CVE-2024-8338 HFO4 shudong-share File Extension fileReceive.php unrestricted upload
A vulnerability was found in HFO4 shudong-share 2.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /includes/fileReceive.php of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. Th...
PT-2024-38953 · Unknown · Hfo4 Shudong-Share
Name of the Vulnerable Software and Affected Versions: HFO4 shudong-share version 2.4.7 Description: A critical vulnerability was found in the file /includes/fileReceive.php of the component File Extension Handler. The manipulation of the file argument leads to unrestricted upload. The attack can...
CVE-2022-1206
CVE-2022-1206 concerns the WordPress plugin AdRotate Banner Manager. The vulnerability is an arbitrary file upload caused by missing file extension sanitization in the adrotate_insert_media() function, affecting all versions up to and including 5.13.2. It requires authenticated access at administ...
CVE-2024-6451
AI Engine 2.4.3 is susceptible to remote code execution (RCE) via log poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logspath", allowing Administrators to change log filetypes from .log to .php...
CVE-2024-6451 AI Engine < 2.5.1 - Admin+ RCE
AI Engine 2.4.3 is susceptible to remote code execution (RCE) via log poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logspath", allowing Administrators to change log filetypes from .log to .php...
CVE-2024-6451
CVE-2024-6451 affects the AI Engine WordPress plugin (versions < 2.5.1) and the AI Engine core (AI Engine
WordPress plugin AI Engine security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-7904
A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/file_manage_control.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be...
CVE-2024-7904
CVE-2024-7904 affects DedeBIZ 6.3.0. The vulnerability lies in the File Extension Handler’s admin/file_manage_control.php where the upfile1 parameter enables unrestricted file upload, enabling remote exploitation as disclosed. Evidence across multiple sources confirms the impact is unrestricted u...
CVE-2024-7904 DedeBIZ File Extension file_manage_control.php unrestricted upload
A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/file_manage_control.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be...
CVE-2024-7903
A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/mediaadd.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack can be...