Design/Logic Flaw

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...

Remote code execution

A file extension handling issue was found in server module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code executi...

CVE-2021-25831

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...

CVE-2021-25831

ONLYOFFICE DocumentServer (core module) vulnerability CVE-2021-25831 affects v4.0.0-9-v5.6.3. A file extension handling issue arises when converting a crafted PPTT file to PPTX, exploited through a chain of two other improper string handling bugs to achieve remote code execution on the server. Th...

CVE-2021-25830

ONLYOFFICE DocumentServer (core module) v4.2.0.236-v5.6.4.13 contains a file extension handling vulnerability triggered when converting a crafted file from DOCT to DOCX. The issue relies on a chain of two other bugs related to improper string handling and can lead to remote code execution on the ...

CVE-2021-25830

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...

Ascensio System ONLYOFFICE Document Server 安全漏洞

ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. A file extension handling vulnerability exists in the ONLYOFFICE DocumentServer core module, which can be exploited by an attacker to remotely execute...

Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload

The plugin did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users admin+ to upload arbitrary files, including PHP ones, leading to RCE. Additional Info, and Bypass of .htaccess protection found by WPScanTeam, while confirming the issue: There is...

CVE-2021-21141

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page...

UBUNTU-CVE-2021-21141

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page...

Design/Logic Flaw

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page...

CVE-2021-21141

CVE-2021-21141 affects Chromium-based browsers (Chrome/Chromium) up to version 88.0.4324.96, due to insufficient policy enforcement in the File System API. This allows a remote attacker to bypass the file-extension policy via a crafted HTML page. The issue is mitigated by upgrading to 88.0.4324.9...

CVE-2021-21141

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page...

CVE-2021-21141

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page...

PT-2021-8102 · Htmldoc +4 · Htmldoc +4

Name of the Vulnerable Software and Affected Versions: htmldoc versions 1.9.12 and earlier Description: The issue is related to a null pointer dereference in the file extension function, located in the file.c component of the htmldoc tool. This can lead to arbitrary code execution and denial of...

Unspecified Vulnerability in Mozilla Firefox (CNVD-2021-07240)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox in that if a user downloads a file without an extension on Windows, and then "opens" it in the download panel, the executable will be launched if the...

CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...

CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...

IBM Cloud Pak System 代码问题漏洞

IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. An arbitrary file upload vulnerability exists in IBM Cloud Pak System 2.3. An attacker can exploit this vulnerability by intercepting requests and modifying the file extension t...

WordPress Simple File List Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Simple File List Unauthenticated Remote Code Execution', 'Description' = %q Simple File List simple-file-list plugin before 4.2.3 for...