25 matches found
CVE-2026-42879
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
CVE-2026-42879 FacturaScripts: Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
CVE-2026-42879
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images
CVE-2026-42879 - FacturaScripts - Authenticated Unrestricted File Upload via MIME Type Bypass Summary An authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF...
GHSA-VF3Q-FRMR-VRR9 FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images
CVE-2026-42879 - FacturaScripts - Authenticated Unrestricted File Upload via MIME Type Bypass Summary An authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF...
EUVD-2008-6644
Malware in sbrugna...
BoidCMS 2.0.0 Command Injection Exploit
This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file. This module requires Metasploit:...
BoidCMS Command Injection
This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file. Module Options msf use exploit/multi/http/cve202338836boidcms msf...
Unrestricted file upload
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks...
CVE-2023-38836
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks...
BoidCMS Code Issue Vulnerability
BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as the database. A code issue vulnerability exists in BoidCMS version v.2.0.0, which originates from a vulnerability that allows remote attackers to execute arbitrary code via the G...
Exploit for Unrestricted Upload of File with Dangerous Type in Boidcms
CVE-2023-38836 Exploit File Upload vulnerability in BoidCMS v...
PT-2023-26619 · Boidcms · Boidcms
Name of the Vulnerable Software and Affected Versions: BoidCMS version 2.0.0 Description: A remote attacker can execute arbitrary code by exploiting a file upload vulnerability in BoidCMS. This is achieved by adding a GIF header to bypass MIME type checks, allowing the attacker to execute code vi...
The vulnerability of the ReadGifHeader() function in the HDF5 library libhdf5 allows a hacker to execute arbitrary code on the target system.
The vulnerability of the ReadGifHeader function in the HDF5 library libhdf5 is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code on the target system by having the user open a specially created maliciou...
CVE-2019-11447
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatarfile field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content ...
CVE-2019-11447
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatarfile field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content ...
Design/Logic Flaw
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatarfile field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content ...
CuteNews 2.1.2 - avatar Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "CuteNews 2.1.2 - 'avatar' Remote Code Execution", 'Description' = %q This module exploits a command execution vulnerability in CuteNews prior to...
CVE-2010-4376
CVE-2010-4376 describes a heap-based buffer overflow in RealNetworks RealPlayer 11.x (Windows, Mac, Linux) and RealPlayer SP 1.x, triggered by a large Screen Width value in the GIF87a Screen Descriptor of an RTSP stream. This allows remote code execution. Public sources in the provided documents ...
Unrestricted file upload
Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header, then accessing this file via a direct request to a renamed file in MemberAdmin/logo/...