DRUPAL-CORE-2020-012
Update November 18: Documented longer list of dangerous file extensions. Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting...
Unrestricted file upload
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations ...
CVE-2020-26108
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution SEC-488...
Mara CMS 7.5 Remote Code Execution
Exploit Title: Mara CMS 7.5 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Michele Cisternino 0blio Vendor Homepage: https://sourceforge.net/projects/maracms/ Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download Version: 7.5...
CVE-2020-17448
Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension...
CVE-2020-15651
A Unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow and so change the file extension. This vulnerability affects Firefox for iOS 28...
Vulnerability in Windows operating systems, related to errors in processing .LNK files, allowing an attacker to execute arbitrary code
The vulnerability in the Windows operating system is related to errors in processing .LNK link (shortcut) files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted .LNK file...
Raonwiz K Upload Injection Vulnerability
Raonwiz K Upload is a file transfer component from the Korean company Raonwiz. A security vulnerability exists in Raonwiz K Upload 2018.0.2.50 and earlier versions that stems from a lack of validation of file extensions. An attacker can exploit the vulnerability to download and execute files...
Design/Logic Flaw
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via the Compose Msg, Add attachment, and Save As Draft actions. A member with low privileges is able to upload this. It is possible to bypass the MIME type check and file-extension check...
WordPress Drag And Drop Multi File Uploader Remote Code Execution
This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Drag and Drop Multi File...
Monstra CMS Code Issue Vulnerability
Monstra CMS is a lightweight PHP-based content management system by Ukrainian software developer Sergey Romanenko. A security vulnerability exists in the index.php script in Monstra CMS version 3.0.4, which originates from the program's failure to properly validate file extensions. The...
Unrestricted file upload
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/loadmodule:usersedit-user=1 does not verify that the file extension used with the Add Image option on the Edit User screen corresponds to an image file...
CVE-2020-13240
Dolibarr 11.0.4's DMS/ECM module is vulnerable: users with the 'Setup documents directories' permission can rename uploaded files to have insecure file extensions, bypassing the .noexe protection mechanism against XSS. This is a stored cross-site scripting risk described across multiple sources (...