406 matches found
Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: Koken CMS 0.22.24 - Arbitrary File Upload Authenticated Exploit Author: v1n1v131r4 Vendor Homepage: http://koken.me/ Software Link: https://www.softaculous.com/apps/cms/Koken Version: 0.22.24 Tested on: Linux PoC:...
CVE-2020-9309
Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...
CVE-2020-9309
SilverStripe CMS up to version 4.5 is vulnerable to script execution via malicious upload contents, when files with allowed extensions are stored as protected or draft and MIME detection causes browsers to run the file contents. Affected component/file: uploads handling (protected/draft state) an...
MGASA-2020-0276 Updated mailman packages fix security vulnerability
Updated mailman package fixes security vulnerability: Up to mailman 2.1.29 when sending a file without a file extension or an unknown file extension then the file is stored in the list archive with the file extension .obj. Most web servers will try to assign a mime type based on the file extensio...
CVE-2020-7650
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json...
CVE-2020-7650
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json...
Code injection
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json...
CVE-2020-7650
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json...
CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...
CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...
CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...
CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...
Threat actors release Troldesh decryption keys
Update: Kaspersky has updated their ShadeDecryptor tool to include decryption for the keys released by "shade team". You can download the tool and find instructions here. A GitHub user claiming to represent the authors of the Troldesh Ransomware calling themselves the “Shade team” published this...
Denial Of Service (DoS)
php is vulnerable to denial of service. A flaw was found in the way PHP handled certain file extensions when running in FastCGI mode. If the PHP interpreter was being executed via FastCGI, a remote attacker could create a request which would cause the PHP interpreter to crash...
CVE-2020-9326
BeyondTrust Privilege Management for Windows and Mac aka PMWM; formerly Avecto Defendpoint 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash...
GHSA-2GC7-W4HW-RR2M class.upload.php in verot.net omits .pht from the set of dangerous file extensions
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576...
class.upload.php in verot.net omits .pht from the set of dangerous file extensions
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576...
Remote code execution
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution...
CVE-2016-11020
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution...
CVE-2019-15613
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes...