11 matches found
CVE-2026-56124
CVE-2026-56124 affects phpUploader prior to 2.0.2. An unauthenticated information-disclosure flaw exists where the index model runs an unbounded SELECT and embeds the full JSON-encoded result set in an inline script, exposing uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA...
EUVD-2026-40114
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the comple...
EUVD-2022-34899
Malicious code in bioql PyPI...
CVE-2023-28760
TP-Link AX1800 WiFi 6 Router Archer AX21 devices allow unauthenticated attackers on the LAN to execute arbitrary code as root via the dbdir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in...
GHSA-JJ2R-455P-5GVF filebrowser Sets Insecure File Permissions
Summary The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the database used by File Browser. On standard servers where the umask configuration has not been hardened before, this makes all the stated fil...
The vulnerability of the MiniDLNA service in the TPDLNA/files.db file of TP-Link Archer AX20 (AX1800) routers allows a hacker to execute arbitrary code.
The vulnerability of the MiniDLNA service in the TPDLNA/files.db file on TP-Link Archer AX20 AX1800 routers is caused by a buffer overflow in the stack. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
DEBIAN-CVE-2015-5277
The getcontents function in nssfiles/files-XXX.c in the Name Service Switch NSS in GNU C Library aka glibc or libc6 before 2.20 might allow local users to cause a denial of service heap corruption or gain privileges via a long line in the NSS files database...
Heap overflow
The getcontents function in nssfiles/files-XXX.c in the Name Service Switch NSS in GNU C Library aka glibc or libc6 before 2.20 might allow local users to cause a denial of service heap corruption or gain privileges via a long line in the NSS files database...
CVE-2015-5277
The getcontents function in nssfiles/files-XXX.c in the Name Service Switch NSS in GNU C Library aka glibc or libc6 before 2.20 might allow local users to cause a denial of service heap corruption or gain privileges via a long line in the NSS files database...
CVE-2015-5277
The getcontents function in nssfiles/files-XXX.c in the Name Service Switch NSS in GNU C Library aka glibc or libc6 before 2.20 might allow local users to cause a denial of service heap corruption or gain privileges via a long line in the NSS files database...
Design/Logic Flaw
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php...