
19 matches found

RedhatCVE
added 2026/05/08 8:21 p.m. · 9 views

CVE-2026-41934

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

8.8 CVSS · 6.7 AI score · 0.00545 EPSS
Exploits 0 · References 1

RedhatCVE
added 2026/01/09 11:54 a.m. · 15 views

CVE-2009-4444

Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2)...

6 CVSS · 6.9 AI score · 0.63627 EPSS
Exploits 1 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2009-3443

Malware in sbrugna...

9.3 CVSS · 6.3 AI score · 0.03273 EPSS
Exploits 0 · References 8

OSV
added 2019/09/14 6:15 p.m. · 24 views

CVE-2019-16318

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317...

8.8 CVSS · 8.6 AI score
Exploits 0 · References 2

CVE
added 2019/09/14 5:1 p.m. · 87 views

CVE-2019-16318

Technical details for CVE-2019-16318 are not publicly available in the provided documents. Monitor Pimcore advisories and related sources for updates on affected versions, impact, and remediation.

8.8 CVSS · 8.4 AI score · 0.01399 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2019/09/14 5:1 p.m. · 45 views

CVE-2019-16318

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317...

8.6 AI score · 0.01399 EPSS
Exploits 0 · References 2

Packet Storm
added 2018/01/08 12:0 a.m. · 51 views

WordPress LearnDash 2.5.3 File Upload

Exploit Title: WordPress LearnDash 2.5.3 Unauthenticated Arbitrary File Upload Date: 07-01-2018 Vendor Homepage: https://www.learndash.com/ Vendor Changelog: https://www.learndash.com/changelog/ Version: 2.5.3 Exploit Author: NinTechNet Author Advisory: http://nin.link/learndash/ Category: Webapp...

7.1 AI score
Exploits 0

myhack58
added 2015/07/24 12:0 a.m. · 22 views

SysAid Help Desk Administrator Portal Arbitrary File Upload-vulnerability warning-the black bar safety net

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'SysAid Help Desk Administrator Portal Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability in...

7.2 AI score · 0.49791 EPSS
Exploits 9

0day.today
added 2015/07/20 12:0 a.m. · 61 views

SysAid Help Desk Administrator Portal Arbitrary File Upload Exploit

This Metasploit module exploits a file upload vulnerability in SysAid Help Desk. The vulnerability exists in the ChangePhoto.jsp in the administrator portal, which does not handle correctly directory traversal sequences and does not enforce file extension restrictions. You need to have an...

6.5 CVSS · 0.1 AI score · 0.49791 EPSS
Exploits 9

Metasploit
added 2015/06/03 8:44 p.m. · 24 views

SysAid Help Desk Administrator Portal Arbitrary File Upload

This module exploits a file upload vulnerability in SysAid Help Desk. The vulnerability exists in the ChangePhoto.jsp in the administrator portal, which does not correctly handle directory traversal sequences and does not enforce file extension restrictions. While an attacker needs an administrat...

6.5 CVSS · 6.9 AI score · 0.49791 EPSS
Exploits 9

UbuntuCve
added 2015/03/30 12:0 a.m. · 59 views

CVE-2015-2348

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected...

5 CVSS · 6.8 AI score · 0.08653 EPSS
Exploits 2 · References 3

OpenVAS
added 2009/10/22 12:0 a.m. · 24 views

Adobe Acrobat Unspecified vulnerability

This host has Adobe Acrobat installed which is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: gbadobeacrobatunspecifiedvuln.nasl 8210 2017-12-21 10:26:31Z cfischer $ Adobe Acrobat Unspecified vulnerability Authors: Nikta MR Copyright: Copyright c 2009 Greenbone Networks GmbH,...

9.3 CVSS · 1.8 AI score · 0.03273 EPSS
Exploits 0 · References 1

UbuntuCve
added 2009/10/19 10:30 p.m. · 21 views

CVE-2009-3461

Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors...

9.3 CVSS · 5.9 AI score · 0.03273 EPSS
Exploits 0 · References 1

NVD
added 2009/10/19 10:30 p.m. · 16 views

CVE-2009-3461

Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors...

9.3 CVSS · 6.3 AI score · 0.03273 EPSS
Exploits 0 · References 6

Prion
added 2009/10/19 10:30 p.m. · 19 views

Design/Logic Flaw

Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors...

9.3 CVSS · 6.9 AI score · 0.03273 EPSS
Exploits 0 · References 6 · Affected Software 1

Cvelist
added 2009/10/19 10:0 p.m. · 18 views

CVE-2009-3461

Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors...

6.3 AI score · 0.03273 EPSS
Exploits 0 · References 6

CVE
added 2009/10/19 10:0 p.m. · 64 views

CVE-2009-3461

Adobe Acrobat 9.x before 9.2 is affected by an unspecified vulnerability that allows bypassing intended file-extension restrictions via unknown vectors. The issue affects Acrobat on affected builds and can lead to complete confidentiality/integrity/availability impact per CVSS 9.3. Remediation re...

9.3 CVSS · 6.3 AI score · 0.03273 EPSS
Exploits 0 · References 6 · Affected Software 1

securityvulns
added 2009/09/21 12:0 a.m. · 118 views

Mambo 4.6.3 arbitrary file upload

Step 1 Using post method send file to: http://victim.com/mambo4.6.5/mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php?Command=FileUpload file should have one of the following extensions: zip, doc, xls, pdf, rtf, csv, jpg, gif, jpeg, png, avi, mpg, mpeg, swf, fla...

7 AI score
Exploits 0

Positive Technologies
added 2006/05/17 12:0 a.m. · 5 views

PT-2006-3389 · Dubanner · Dubanner

Name of the Vulnerable Software and Affected Versions: DUbanner version 3.1 Description: The issue allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, to the add.asp endpoint, probably due to client-side enforcement that can be...

7.5 CVSS · 7.8 AI score · 0.03956 EPSS
Exploits 0 · References 7