
23 matches found

EUVD
added 11 hours ago, 7 views

EUVD-2024-55614

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...

9.8 CVSS, 6.7 AI score
Exploits: 0, References: 4
EUVD
added 2025/12/12 12:30 a.m., 3 views

EUVD-2024-55333

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...

9.2 CVSS, 8.4 AI score, 0.01811 EPSS
Exploits: 0, References: 5
NVD
added 2025/08/20 3:15 a.m., 4 views

CVE-2025-8289

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the deleteassociatedfiles function. This makes it possible for unauthenticated attackers to inject a PHP Object. This...

7.5 CVSS, 0.01211 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/05/23 8:22 a.m., 6 views

CVE-2024-1691

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping...

6.1 CVSS, 6.1 AI score, 0.009 EPSS
Exploits: 0, References: 1
NVD
added 2025/04/29 6:15 p.m., 14 views

CVE-2025-46349

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...

7.6 CVSS, 0.00358 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2025/04/29 5:11 p.m., 9 views

CVE-2025-46349 YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...

7.6 CVSS, 7.3 AI score, 0.00358 EPSS
Exploits: 1, References: 2
Positive Technologies
added 2025/04/29 12:0 a.m., 2 views

PT-2025-18196

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.5.4 Description The issue is related to reflected XSS in the file upload form, allowing malicious unauthenticated users to create links that can perform arbitrary actions when clicked by a victim. Recommendations Fo...

7.6 CVSS, 6.4 AI score, 0.00358 EPSS
Exploits: 1, References: 14
OSV
added 2024/08/26 9:15 p.m., 1 views

CVE-2024-43230

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Shared Files – File Upload Form Shared Files. This issue affects Shared Files: from n/a through 1.7.28...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1
Cvelist
added 2024/08/26 8:19 p.m., 21 views

CVE-2024-43230 WordPress Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload plugin <= 1.7.28 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Anssi Laitila Shared Files shared-files. This issue affects Shared Files: from n/a through <= 1.7.28...

5.3 CVSS, 0.00641 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/08/26 8:19 p.m., 15 views

CVE-2024-43230 WordPress Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload plugin <= 1.7.28 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Anssi Laitila Shared Files shared-files. This issue affects Shared Files: from n/a through <= 1.7.28...

5.3 CVSS, 5.2 AI score, 0.00641 EPSS
Exploits: 0, References: 1
The Coalfire Blog
added 2018/05/09 5:40 p.m., 16 views

Microsoft Word Document Upload to Stored XSS: A Case Study

Anytime I see a file upload form during an application test, my attention is piqued. In a best-case scenario, I can upload a reverse shell in a scripting language available on the webserver. If the application is running in PHP or ASP for example, it becomes quite easy. If I can't get a backdoor...

6.2 AI score
Exploits: 0
Packet Storm
added 2017/05/16 12:0 a.m., 35 views

PlaySms 1.4 Remote Code Execution

Exploit Title: PlaySMS 1.4 Code Execution using $filename and Unrestricted File Upload in sendfromfile.php Date: 14-05-2017 Software Link: https://playsms.org/download/ Version: 1.4 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website: http://touhidshaikh.com/...

7.4 AI score
Exploits: 0
wpexploit
added 2014/08/01 12:0 a.m., 14 views

Specialist by Templatic - CSRF File Upload

The specialist WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability. File Access: https://example.com/wp-content/themes/specialist/images/tmp/yourshell.php...

0.1 AI score
Exploits: 0, References: 1
The Hacker News
added 2013/01/07 8:52 a.m., 19 views

NASA 'Space your Face' domain hacked

Another basic security loophole in a NASA website has led to a hack. This time a hacker going by the name "p0ison-r00t" defaced a subdomain of NASA, http://spaceyourface.nasa.gov/. The hacked subdomain runs a web application using Flash that allows visitors to create some funny videos of Space using...

6.9 AI score
Exploits: 0
Packet Storm
added 2012/02/06 12:0 a.m., 18 views

Zubrag.com File Upload Form Shell Upload

Exploit Title: File Upload Form File Arbitrary Upload Date: 05/02/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: File Upload Form http://www.zubrag.com/scripts/file-upload-form.php Tested on: Linux Comment Greetz: Hern...

Exploits: 0
Packet Storm
added 2012/01/23 12:0 a.m., 20 views

WordPress AllWebMenus Shell Upload

Exploit Title: AllWebMenus WordPress Menu Plugin Arbitrary file upload Version: Compress it with zip to awm.zip Use this form to upload the php file to the server Version 1.1.8 also checks the source referrer, so you have to use scripting language or spoof it in another way to set the HTTPREFERER...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2011/02/15 12:0 a.m., 30 views

Debian DSA-2163-1 : python-django - multiple vulnerabilities

Several vulnerabilities were discovered in the Django web development framework : - CVE-2011-0696 For several reasons the internal CSRF protection was not used to validate AJAX requests in the past. However, it was discovered that this exception can be exploited with a combination of browser...

6.8 CVSS, 6.8 AI score, 0.02962 EPSS
Exploits: 1, References: 6
OpenVAS
added 2009/03/23 12:0 a.m., 30 views

Ubuntu: Security Advisory (USN-536-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS, 6.8 AI score, 0.20302 EPSS
Exploits: 4, References: 2
OpenVAS
added 2009/03/23 12:0 a.m., 29 views

Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-536-1

Ubuntu Update for Linux kernel vulnerabilities USN-536-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5361.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-536-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networ...

9.3 CVSS, 1 AI score, 0.20302 EPSS
Exploits: 4, References: 2
OpenVAS
added 2009/03/23 12:0 a.m., 32 views

Ubuntu Update for firefox vulnerabilities USN-535-1

Ubuntu Update for Linux kernel vulnerabilities USN-535-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5351.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox vulnerabilities USN-535-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

9.3 CVSS, 0.7 AI score, 0.20302 EPSS
Exploits: 4, References: 2