42 matches found
Parse Server 跨站脚本漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.15 and 8.6.41 contained a cross-site scripting vulnerability. This vulnerability stemmed from the ability to bypass fil...
Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host
Summary - The saveimagesAsset graphql mutation allows a user to give a url of an image to download. Url must use a domain, not a raw IP. - Attacker sets up domain attacker.domain with an A record of something like 169.254.169.254 special AWS metadata IP - Attacker invokes saveimagesAsset with url...
CVE-2020-37113
GUnet OpenEclass 1.7.3 is affected by a file upload extension bypass vulnerability. Authenticated users can rename a PHP file to .php3 or .PhP to bypass the exercise submission file-type checks, upload a web shell, and achieve remote code execution on the server. This is documented across CVE-202...
EUVD-2020-30982
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...
EUVD-2017-14321
Malware in sbrugna...
EUVD-2017-2812
Malware in sbrugna...
EUVD-2021-8532
Malicious code in bioql PyPI...
EUVD-2022-52727
Malicious code in bioql PyPI...
EUVD-2023-58824
Malicious code in bioql PyPI...
EUVD-2022-3662
Malicious code in bioql PyPI...
EUVD-2024-42516
Malicious code in bioql PyPI...
CVE-2025-10155
CVE-2025-10155 affects the Python tool picklescan by mmaitre314 (versions up to 0.0.30). The root cause is an ImpropER Input Validation issue in the scanning logic, which allows a standard pickle file with a PyTorch-related file extension to be treated as safe and loaded, enabling remote code exe...
CVE-2012-10034 ClanSphere 2011.3 Local File Inclusion via cs_lang Cookie
ClanSphere 2011.3 is vulnerable to a local file inclusion LFI flaw due to improper handling of the cslang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further...
CVE-2025-52921
In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming it to have a .php extension by using the Rename Function. This bypasses the initial check that...
CVE-2022-46604
An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution...
CVE-2021-26804
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application...
CVE-2020-20691
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...
CVE-2019-16318
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317...
CVE-2023-6601
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...
CVE-2023-6601
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...