1015 matches found

Positive Technologies
added 2023/02/03 12:0 a.m. · 5 views

PT-2023-12283 · Unknown · Portfoliocms

Name of the Vulnerable Software and Affected Versions: portfolioCMS version 1.0 Description: A race condition issue allows remote attackers to execute arbitrary code by exploiting the fileExt parameter in the localhost/admin/uploads.php API endpoint. Recommendations: For portfolioCMS version 1.0,...

8.1 CVSS · 8.3 AI score · 0.00653 EPSS
Exploits 1 · References 4

NVD
added 2023/02/02 1:15 p.m. · 17 views

CVE-2022-46604

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution...

8.8 CVSS · 8.9 AI score · 0.36582 EPSS
Exploits 5 · References 4

Prion
added 2023/02/02 1:15 p.m. · 19 views

Design/Logic Flaw

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution...

6.5 CVSS · 8.9 AI score · 0.36582 EPSS
Exploits 5 · References 4 · Affected Software 1

CVE
added 2023/02/02 12:0 a.m. · 71 views

CVE-2022-46604

The CVE-2022-46604 issue affects Tecrail Responsive FileManager v9.9.5 and earlier. A vulnerability in the file-extension check allows an attacker to upload a crafted PHP file, enabling arbitrary code execution on the server. Connected exploit sources describe remediating factors such as director...

8.8 CVSS · 8.8 AI score · 0.36582 EPSS
Exploits 5 · References 4 · Affected Software 1

OSV
added 2023/01/17 7:24 p.m. · 3 views

GSD-2023-1001499 udf: Fix extending file within last block

udf: Fix extending file within last block This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.161 by commit...

7.2 AI score
Exploits 0

OSV
added 2023/01/17 6:51 p.m. · 6 views

GSD-2023-1001194 udf: Fix extending file within last block

udf: Fix extending file within last block This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.85 by commit...

7.2 AI score
Exploits 0

OSV
added 2023/01/17 6:13 p.m. · 8 views

GSD-2023-1000821 udf: Fix extending file within last block

udf: Fix extending file within last block This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.15 by commit...

7.2 AI score
Exploits 0

OSV
added 2023/01/17 4:1 p.m. · 6 views

GSD-2023-1000107 udf: Fix extending file within last block

udf: Fix extending file within last block This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.85 by commit...

7.2 AI score
Exploits 0

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33080 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.15 Description: The issue is related to extending a file within the last block. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v6.0.1...

7.1 AI score
Exploits 0 · References 1

Positive Technologies
added 2023/01/17 12:0 a.m. · 1 views

PT-2023-33272 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.161 Description: The issue is related to extending a file within the last block. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

7.1 AI score
Exploits 0 · References 1

Positive Technologies
added 2023/01/17 12:0 a.m. · 1 views

PT-2023-33083 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.15 Description: The issue is related to discarding preallocation before extending a file with a hole. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

7.2 AI score
Exploits 0 · References 1

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33898 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.15 Description: The issue is related to extending a file within the last block. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v6.0.1...

7.1 AI score
Exploits 0 · References 1

OpenVAS
added 2022/12/29 12:0 a.m. · 22 views

Mozilla Thunderbird Security Advisories (MFSA2022-54, MFSA2022-54) - Mac OS X

Thunderbird is prone to a file extension manipulation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8 CVSS · 8.7 AI score · 0.00337 EPSS
Exploits 0 · References 1

Vulnrichment
added 2022/12/22 12:0 a.m. · 2 views

CVE-2022-45415

When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later run. This vulnerability affects Firefox 107...

6.3 AI score · 0.00113 EPSS
Exploits 0 · References 2

Huntr
added 2022/12/05 12:53 a.m. · 18 views

Insufficient Upload Filtering

Description: The upload filter in Ampache 5.5.5 is insufficient and does not prevent authenticated users from uploading files with malicious extensions, which can lead to remote code execution (RCE) depending on the local server configuration. This vulnerability assumes several things which has been...

6.5 CVSS · 6.5 AI score · 0.00243 EPSS
Exploits 1

Positive Technologies
added 2022/11/13 12:0 a.m. · 3 views

PT-2022-24987 · Openkm · Openkm

Name of the Vulnerable Software and Affected Versions: OpenKM versions up to 6.3.11 Description: A vulnerability was found in the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to an insecure temporary file. Recommendations: For OpenKM...

5.5 CVSS · 5.3 AI score · 0.00083 EPSS
Exploits 1 · References 8

Huntr
added 2022/08/06 3:5 p.m. · 47 views

Full Read Server-Side Request Forgery (SSRF)

Description: Via the /api/upload/upload-by-url endpoint it is possible to upload an image via a URL provided by the user. The function that handles this upload doesn't verify or validate the provided URL, allowing internal services to be fetched. Furthermore, after the resource is fetched, there is ...

4 CVSS · 0.6 AI score · 0.67678 EPSS
Exploits 1

Kitploit
added 2022/06/22 12:30 p.m. · 183 views

GooFuzz - Tool To Perform Fuzzing With An OSINT Approach, Managing To Enumerate Directories, Files, Subdomains Or Parameters Without Leaving Evidence On The Target's Server With Google Dorking

Credits Author: M3n0sD0n4ld Twitter: @DavidUton Description: GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server. Download and install: $ git clone...

6.8 AI score
Exploits 0 · References 2

Github Security Blog
added 2022/05/24 7:12 p.m. · 3 views

Magento has a file extension restrictions bypass

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to bypass file extension restrictions and could lead to remote code execution...

9.1 CVSS · 8.1 AI score · 0.03446 EPSS
Exploits 0 · References 3 · Affected Software 2

OSV
added 2022/05/24 5:18 p.m. · 21 views

GHSA-89FP-J8V7-P82H Microweber allows Unrestricted File Upload

Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/loadmodule:usersedit-user=1 does not verify that the file extension used with the Add Image option on the Edit User screen corresponds to an image file...

7.8 CVSS · 7.6 AI score · 0.00049 EPSS
Exploits 1 · References 3