24 matches found
CVE-2026-45315
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...
CVE-2026-33647
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An...
EUVD-2006-6539
Malware in sbrugna...
EUVD-2021-12713
Malware in sbrugna...
EUVD-2018-6256
Malware in sbrugna...
CVE-2021-25830
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...
PT-2024-5251
Name of the Vulnerable Software and Affected Versions Telegram for Android versions 10.14.4 and older Telegram for Android version 11.7.4 Description The issue is related to the incorrect handling of file extensions in received files, allowing an attacker to send malicious apps disguised as video...
ONLYOFFICE Document Server File Extension Handling Vulnerability (CNVD-2021-17247)
ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. A file extension handling vulnerability exists in the ONLYOFFICE DocumentServer core module, which can be exploited by an attacker to remotely execute...
CVE-2021-25833
A file extension handling issue was found in server module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code executi...
CVE-2021-25830
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...
CVE-2021-25833
A file extension handling issue was found in server module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code executi...
CVE-2021-25831
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...
CVE-2021-25831
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...
Design/Logic Flaw
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...
Design/Logic Flaw
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...
Remote code execution
A file extension handling issue was found in server module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code executi...
CVE-2021-25831
ONLYOFFICE DocumentServer (core module) vulnerability CVE-2021-25831 affects v4.0.0-9-v5.6.3. A file extension handling issue arises when converting a crafted PPTT file to PPTX, exploited through a chain of two other improper string handling bugs to achieve remote code execution on the server. Th...
CVE-2021-25831
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...
CVE-2021-25830
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...
CVE-2021-25830
ONLYOFFICE DocumentServer (core module) v4.2.0.236-v5.6.4.13 contains a file extension handling vulnerability triggered when converting a crafted file from DOCT to DOCX. The issue relies on a chain of two other bugs related to improper string handling and can lead to remote code execution on the ...