EUVD-2025-205481

A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

CVE-2025-15109 jackq XCMS upload.php unrestricted upload

A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

EUVD-2006-5828

Malware in sbrugna...

EUVD-2007-4742

Malware in sbrugna...

EUVD-2019-3121

Malware in sbrugna...

EUVD-2004-1945

Malware in sbrugna...

EUVD-2008-4406

Malware in sbrugna...

EUVD-2015-5632

Malware in sbrugna...

EUVD-2021-15624

Malware in sbrugna...

EUVD-2009-1090

Malware in sbrugna...

EUVD-2009-1091

Malware in sbrugna...

EUVD-2024-46031

Malicious code in bioql PyPI...

EUVD-2021-7560

Malicious code in bioql PyPI...

EUVD-2022-37144

Malicious code in bioql PyPI...

EUVD-2022-52370

Malicious code in bioql PyPI...

CVE-2013-10038 FlashChat Arbitrary File Upload RCE

An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers to upload malicious PHP scripts. Once uploaded, these scripts can be executed...

CVE-2013-10038 FlashChat Arbitrary File Upload RCE

An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers to upload malicious PHP scripts. Once uploaded, these scripts can be executed...

WordPress plugin Front End Editor 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVE-2025-6266 Teledyne FLIR AX8 upload.php unrestricted upload

A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing manipulation of the argument File results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public...

CVE-2025-49113

A flaw was found in Roundcube Webmail. This vulnerability allows remote code execution by authenticated users via PHP object deserialization through unvalidated from parameter in upload.php. Mitigation To mitigate this vulnerability, update Roundcube Webmail to version 1.5.10 or 1.6.11, which...