65 matches found
Phpmassmail EverSync 安全漏洞
Phpmassmail EverSync is a synchronization tool developed by the Phpmassmail company. Version 0.5 of Phpmassmail EverSync contains a security vulnerability. This vulnerability stems from the existence of arbitrary files in the files directory, which may lead to the download of database files...
PT-2026-23674
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files...
CVE-2025-14697
A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotel...
Sixun Shanghui Business Management System 安全漏洞
Sixun Shanghui Business Management System is a group business management system from Sixun, China. A security vulnerability exists in Sixun Shanghui Business Management System version 4.10.24.3, which originates from an accessible file or directory issue in File/ExportFiles...
EUVD-2019-13203
Malware in sbrugna...
EUVD-2019-8075
Malware in sbrugna...
EUVD-2024-41409
Malicious code in bioql PyPI...
EUVD-2023-2148
Malicious code in bioql PyPI...
CVE-2012-10045
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...
PT-2025-32398 · Xoda · Xoda
Name of the Vulnerable Software and Affected Versions: XODA version 0.4.5 Description: XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to...
CVE-2025-1769
CVE-2025-1769 is a Directory Traversal vulnerability in the WordPress plugin “Product Import Export for WooCommerce – Import Export Product CSV Suite” affecting all versions up to and including 2.5.0. It allows an authenticated user with Administrator+ privileges to read arbitrary server log file...
Vagrant VMware Utility installation files vulnerable to modification by unprivileged user
Summary The Vagrant VMware Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMware Utility 1.0.23...
CVE-2024-6985 Path Traversal in api open_personality_folder in parisneo/lollms-webui
A path traversal vulnerability exists in the api openpersonalityfolder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personalityfolder on the victim's computer, even though sanitizepath is set. The issue arises due to improper sanitization of t...
Cross Platform Webkit File Dropper
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cross Platform Webkit File Dropper', 'Description' = %q This module exploits a XSLT vulnerability in Webkit to drop ASCII or UTF-8 files to the...
CVE-2024-36071
Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path...
Theft of Arbitrary Files due to lack of intent validation and insecure usage of provider paths in TTFViewerActivity.kt
Description Through the use of Oversecured, leading vulnerability scanner for Android and iOS applications, we were able to detect an Theft of Arbitrary Files vulnerability within TTFViewerActivity.kt. Check full issue definition in the image below: Root Cause Analysis The TTFViewerActivity faile...
PT-2023-20846 · Diasoft · Diasoft File Replication Pro
Name of the Vulnerable Software and Affected Versions: Diasoft File Replication Pro version 7.5.0 Description: The issue allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because the directory...
CVE-2021-46367
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default...
CVE-2021-46367
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default...
XpressEngine 跨站脚本漏洞
XpressEngine is a CMS Content Management System that allows anyone to publish content easily, conveniently and freely. A security vulnerability exists in XpressEngine, which stems from the fact that in XE 1.116, there is no restriction on file extensions when uploading a Normal button. An attacke...