Design/Logic Flaw

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317...

CVE-2019-16318

Technical details for CVE-2019-16318 are not publicly available in the provided documents. Monitor Pimcore advisories and related sources for updates on affected versions, impact, and remediation.

CVE-2019-16318

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317...

October CMS - Upload Protection Bypass Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'October CMS Upload Protection Bypass Code Execution', 'Description' = %q This module exploits an Authenticated user with permission to upload and...

October CMS Upload Protection Bypass Code Execution Exploit

This Metasploit module exploits an Authenticated user with permission to upload and manage media contents can upload various files on the server. Application prevents the user from uploading PHP code by checking the file extension. It uses black-list based approach, as seen in...

Security Bulletin: FileNet Workplace XT can be affected by the File Extension validation vulnerability (CVE-2016-8921)

Summary FileNet Workplace XT is vulnerable to the File Extension validation bypass which allows malicious content to be uploaded to the FileNet P8 server Vulnerability Details CVEID: CVE-2016-8921 DESCRIPTION: IBM FileNet Workplace XT could allow a remote attacker to upload arbitrary files, which...

CVE-2019-15640

Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image...

CVE-2019-15640

Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image...

CVE-2019-7912

A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious uploa...

Code injection

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...

CVE-2019-13493

In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript...

Input validation

An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension...

Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting

Exploit Title: Stored Cross Site Scripting XSS in Sitecore 9.0 rev 171002 Date: July 11, 2019 Exploit Author: Owais Mehtab Vendor Homepage: http://www.sitecore.net/en Version: 9.0 rev. 171002 Tested on: Sitecore Experience Platform 8.1 Update-3 i.e.; 8.1 rev. 160519 CVE : CVE-2019-13493 Vendor...

A New Ransomware Is Targeting Network Attached Storage (NAS) Devices

A new ransomware family has been found targeting Linux-based Network Attached Storage NAS devices made by Taiwan-based QNAP Systems and holding users' important data hostage until a ransom is paid, researchers told The Hacker News. Ideal for home and small business, NAS devices are dedicated file...

Arbitrary Code Execution

siteserver cms is vulnerable to arbitrary code execution. Improper validation of the file extension allows an administrator to upload a file with extension .aassp, which would be converted to .asp after the .as substring is removed. The code in the file will be executed in the context of the serv...

GHSA-958R-G534-CCMR MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation

madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension...

CVE-2019-7669

CVE-2019-7669 affects Prima Systems FlexAir (versions 2.3.38 and earlier). The vulnerability is due to improper validation of file extensions when uploading files, allowing a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root pri...

Microsoft Word (2016) Deceptive File Reference

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WORD-DECEPTIVE-FILE-REFERENCE.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product Microsoft Word 2016 Vulnerability Type...

Adobe ColdFusion < 11.x < 11u19 / 2016.x < 2016u11 / 2018.x < 2018u4 Multiple Vulnerabilities (APSB19-27)

The version of Adobe ColdFusion installed on the remote Windows host is prior to 11.x update 19, 2016.x update 11, or 2018.x update 4. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB19-27 advisory. - File extension blacklist bypass potentially leading to Arbitrary...

CVE-2019-7838

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution...