31 matches found
EUVD-2016-1729
Malware in sbrugna...
EUVD-2018-19194
Malware in sbrugna...
EUVD-2022-39449
Malicious code in bioql PyPI...
CVE-2022-36749
RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file...
PT-2024-30053 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.0 Description: The issue is related to a remote code execution vulnerability. Although the admin files.php file imposes restrictions on edited files, attackers can bypass these restrictions and write code. This allows...
RPi-Jukebox-RFID operating system command injection vulnerability
RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the individual developers at Micz Flor in Germany. It plays audio files, playlists, podcasts, web streams and Spotify, triggered by an RFID card. An operating system command injection vulnerability exists in RPi-Jukebox-RFID...
PT-2022-23602 · Unknown · Rpi-Jukebox-Rfid
Name of the Vulnerable Software and Affected Versions: RPi-Jukebox-RFID version 2.3.0 Description: A command injection issue was discovered in the /htdocs/utils/Files.php component. This issue is exploited via a crafted payload injected into the file name of an uploaded file. Recommendations: For...
Nedi Consulting NeDi code injection vulnerability
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from a PHP code injection vulnerability. The vulnerability can be exploited to inject PHP code into the System Files function of endpoint /System-Files.php v...
SQL injection
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex method in applications/downloads/api/files.php)...
CVE-2019-11344
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked...
SQL injection
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selectedclients, clients.php with the request parameter status, process-zip-download.php with the...
CVE-2016-10731
CVE-2016-10731 affects ProjectSend (formerly cFTP) r582 and enables SQL injection via multiple PHP endpoints: manage-files.php (status, files), clients.php (selected_clients, status), process-zip-download.php (file), or home-log.php (action). Root cause: input parameters are used in SQL queries w...
DanWin hosting var/www/html/files.php cross-site request forgery vulnerability
DanWin hosting is a TOR-based installation program for shared hosting servers. A cross-site request forgery vulnerability exists in the var/www/html/files.php file in DanWin hosting 2018-02-11 and earlier versions. A remote attacker can use this vulnerability to add/delete/change arbitrary files ...
ASANHAMAYESH CMS SQL Injection Vulnerability
ASANHAMAYESH CMS is a content management system. files component is one of the files components. A SQL injection vulnerability exists in the files.php file of the files component in ASANHAMAYESH CMS version 3.4.6. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
CVE-2018-7308
A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account...
Cross-site request forgery (CSRF)
A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account...
CVE-2018-7308
CVE-2018-7308 affects DanWin hosting (var/www/html/files.php) up to 2018-02-11. The vulnerability is a cross-site request forgery (CSRF) that lets arbitrary remote users add/delete/modify files in any hosting account. Root cause is CSRF in the affected script; no exploitation details are provided...