Nextcloud: RTLO character allowed in shared files

SUMMARY ------------- Hello, I have notices that you do not properly strip the RTLO right to left override character in the sharing page of the file, thus allowing someone to mask the real extension of a file and if the user downloads, then opens the file something may be executed on his machine...

CVE-2017-7457

XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure...

Code injection

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension such as .jpg and then invoking the duplicate function to change to the .php extension...

CVE-2016-8005

File extension filtering vulnerability in Intel Security McAfee Email Gateway MEG before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension...

Design/Logic Flaw

File extension filtering vulnerability in Intel Security McAfee Email Gateway MEG before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension...

CVE-2016-8005

File extension filtering vulnerability in Intel Security McAfee Email Gateway MEG before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension...

CVE-2016-8005

CVE-2016-8005 is a file-extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) prior to 7.6.404h1128596. An attacker can bypass proper filename detection by forging a filename with a null byte in the extension, as described in NVD and relatedOpenVAS entries. Affected produ...

CVE-2016-8005

File extension filtering vulnerability in Intel Security McAfee Email Gateway MEG before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension...

Chrome: bypass for download filetype blacklist, extension->native privesc

This bug report describes a vulnerability that can be used by an extension with some permissions to escalate to native code execution on Linux desktops if Java is installed. No user interaction is required. Chrome permits extensions with appropriate permissions "downloads" and "downloads. open" t...

CVE-2016-6104

IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) versions 2.5 (2.5.0.7 fixes) and 2.6 (2.6.0.2 fixes) are affected by CVE-2016-6104. The root cause is improper validation of file extensions, allowing a remote attacker to upload arbitrary files and potentially execute cod...

Pear HTTP_Upload v1.0.0b3 Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications + + Credits: John Page AKA Hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-HTTPUPLOAD-ARBITRARY-FILE-UPLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product:...

CVE-2017-5520

CVE-2017-5520 affects GeniXCMS up to version 0.0.8. The issue is in the media rename feature, which does not consider alternative PHP file extensions when checking uploaded files for PHP content, allowing an attacker to rename and execute files with .php6, .php7, or .phtml extensions. The connect...

CmsEasy front Desk arbitrary code execution vulnerability

Source link: https://xianzhi.aliyun.com/forum/read/215.html 在补丁页面http://www.cmseasy.cn/patch/show1116.html下载补丁CmsEasyforUploads20161012.zip Modified files no more 通过diff发现补丁中lib/default/toolact.php 392 row cutimageactionfunction is commented out Take a look at this function php /function...

The Unarchiver 3.11.1 - '.tar.Z' Crash (PoC)

Exploit Title: The Unarchiver 3.11.1 '.tar.Z' Local Crash PoC Date: 10-17-2016 Exploit Author: Antonio Z. Vendor Homepage: http://unarchiver.c3.cx/unarchiver Software Link: http://unarchiver.c3.cx/downloads/TheUnarchiver3.11.1.zip Version: 3.11.1 Tested on: OS X 10.10, OS X 10.11, OS X 10.12 More...

The vulnerability of the Internet Explorer browser, which allows a violator to circumvent existing access restrictions

The vulnerability of the Internet Explorer browser is related to errors in files with the .url extension on the Internet. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions using a specially crafted file...

TikiWiki 15.1 ELFinder Unauthenticated File Upload

Description A file upload vulnerability in Tiki Wiki --Part83012510490351498898101-- 3. Info Author: Mehmet Ince https://www.exploit-db.com/exploits/40091/...

CVE-2016-2914

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine aka RPENG 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension...

PaKnPost Pro 1.14 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: PaKnPost Pro Arbitrary File Upload & Remote Code Execution Date: 2016-07-06 Product: PaKnPost Pro Vendor Homepage: http://www.paknpost.org Software Link: https://sourceforge.net/projects/paknpost/ Version: =1.14 Tested on:...

PaKnPost Pro 1.14 - Multiple Vulnerabilities

Exploit Title: PaKnPost Pro Arbitrary File Upload & Remote Code Execution Date: 2016-07-06 Product: PaKnPost Pro Vendor Homepage: http://www.paknpost.org Software Link: https://sourceforge.net/projects/paknpost/ Version: =1.14 Tested on: Windows, Linux Exploit Authors: Edvin Rustemagic, Grega...

ExpressionEngine: Arbitrary file upload when setting an avatar

Hello, When an administrator attempts to set an avatar from an external link, the parser just takes the source of whatever link they point it to and creates a file with the same extension and content in the uploads folder. Steps to reproduce: 1- Visit...