16 matches found
Exploit for CVE-2026-5364
CVE-2026-5364 CVE-2026-5364 is a CVSS 8.1 High Unauthenticat...
CVE-2026-28289 FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...
EUVD-2026-9347
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...
CVE-2025-12203
A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation of the argument File can lead to path traversal. The attack can be launched remotely. The exploit...
CVE-2025-12203
A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation of the argument File can lead to path traversal. The attack can be launched remotely. The exploit...
EUVD-2025-36065
A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing manipulation of the argument File can lead to path traversal. The attack can be launched remotely. The exploit ha...
PT-2025-43861
Name of the Vulnerable Software and Affected Versions givanz Vvveb versions up to 1.0.7.3 Description A weakness exists in givanz Vvveb related to path traversal. This issue affects the sanitizeFileName function within the system/functions.php file of the Code Editor component. Manipulation of th...
EUVD-2016-6774
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-5839
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 4.5.3 allows remote attackers to bypass the sanitizefilename protection mechanism via unspecified vectors. CVE-2016-5839 Note that Nessus relie...
The vulnerabilities of the formatting.php and SanitizeFileName.php components of the WordPress content management system allow attackers to compromise data integrity.
The vulnerability of the formatting.php and SanitizeFileName.php components of the WordPress content management system is related to deficiencies in the security measures used to protect web page structures. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...
CVE-2018-1079
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...
WordPress Security Bypass Vulnerability (CNVD-2016-04465)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security bypass vulnerability exists in WordPress 4.5.2 and earlier versions. A remote attacker can exploit...
DEBIAN-CVE-2016-5839
WordPress before 4.5.3 allows remote attackers to bypass the sanitizefilename protection mechanism via unspecified vectors...
UBUNTU-CVE-2016-5839
WordPress before 4.5.3 allows remote attackers to bypass the sanitizefilename protection mechanism via unspecified vectors...
Design/Logic Flaw
WordPress before 4.5.3 allows remote attackers to bypass the sanitizefilename protection mechanism via unspecified vectors...
CVE-2016-5839
CVE-2016-5839 affects WordPress prior to 4.5.3, where the sanitize_file_name protection mechanism can be bypassed via unspecified vectors, enabling remote attackers to potentially bypass filename sanitization. Publicly documented in multiple advisories connected to WordPress, including Debian DSA...