1015 matches found
Design/Logic Flaw
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes...
CVE-2019-15613
CVE-2019-15613 affects Nextcloud Server 17.0.1, where a bug causes workflow rules to depend on the file extension when checking MIME types. This can impact all three security properties (confidentiality, integrity, availability) per CVSS metrics (NVD: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H; base sco...
Design/Logic Flaw
A file-extension filtering vulnerability in Proofpoint Enterprise Protection PPS / PoD, in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms related to extensions, MIME types, virus detection, and journal entries for transmitted...
CVE-2019-19680
A file-extension filtering vulnerability in Proofpoint Enterprise Protection PPS / PoD, in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms related to extensions, MIME types, virus detection, and journal entries for transmitted...
CVE-2019-19680
CVE-2019-19680 concerns a file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD). Unpatched PPS versions up to 8.9.22 and 8.14.2 are affected. The issue allows bypassing protection mechanisms related to extensions, MIME types, virus detection, and journal entries f...
CVE-2019-20183
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...
Design/Logic Flaw
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...
CVE-2019-20183
CVE-2019-20183 affects the Simple Employee Records System 1.0. The vulnerability is an arbitrary file upload flaw in uploadimage.php caused by client-side validation of file extensions, allowing an attacker to upload executable PHP code by bypassing validation (e.g., via modifying global.js). Thi...
CVE-2019-20183
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...
Online Course Registration 2.0 - Remote Code Execution
Exploit Title: Online Course Registration 2.0 - Remote Code Execution Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-course-registration-free-download/ Version: v2.0 Category: Webapps Tested on: Xampp for Windows...
CVE-2019-19634
CVE-2019-19634 affects verot.net class.upload.php up to version 2.0.4 (and 1.0.3 in some builds) used in Joomla! K2 extension; it omits .pht from dangerous extensions, enabling arbitrary file upload and remote code execution. An exploit/POC demonstrates obtaining a shell via a crafted image uploa...
Windows Defender Antivirus 4.18.1908.7-0 File Extension Spoofing Vulnerability
David Haintz ======================================================================= title: File Extension Spoofing product: Windows Defender Antivirus vulnerable version: 4.18.1908.7-0 fixed version: Virus Definition Update of 2019/09/30 CVE number: - impact: High homepage:...
Windows Defender Antivirus 4.18.1908.7-0 File Extension Spoofing
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: File Extension Spoofing product: Windows Defender Antivirus vulnerable version: 4.18.1908.7-0 fixed version: Virus Definition Update of 2019/09/30 CVE number: - impact:...
Exploit for Unrestricted Upload of File with Dangerous Type in Verot_Project Verot
CVE-2019-19634 - class.upload.php = 2.0.4 Arbitrary file uplo...
Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes...
CVE-2019-19493
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS...
CVE-2019-14467
The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked...
WordPress Easy Digital Downloads Upload File extension cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Easy Digital Downloads EDD Upload File extension is a file upload plugin used in it. A cross-site scripting vulnerability...
CVE-2019-16318
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317...
CVE-2019-16318
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317...