1163 matches found
CVE-2019-12744
SeedDMS before 5.1.11 allows Remote Command Execution RCE because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940...
CVE-2023-53956
Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server...
GHSA-CV8H-R7R5-VWJ9 Kimai contains a SameSite cookie vulnerability
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...
CVE-2023-53871 Soosyze 2.0.0 Unrestricted File Upload via Broken Upload Logic
Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server...
EUVD-2025-35195
QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a...
CVE-2025-34514
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and...
EUVD-2025-34802
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and...
CVE-2025-34514
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and...
EUVD-2002-2162
Malware in sbrugna...
EUVD-2018-4035
Malware in sbrugna...
EUVD-2007-2209
Malware in sbrugna...
EUVD-2018-7061
Malware in sbrugna...
EUVD-2019-16718
Malware in sbrugna...
EUVD-2018-13179
Malware in sbrugna...
EUVD-2017-9050
Malware in sbrugna...
EUVD-2006-6862
Malware in sbrugna...
EUVD-2017-9048
Malware in sbrugna...
EUVD-2018-18647
Malware in sbrugna...
EUVD-2018-13194
Malware in sbrugna...
EUVD-2006-4569
Malware in sbrugna...