315 matches found
EUVD-2025-14793
Malicious code in bioql PyPI...
EUVD-2024-42415
Malicious code in bioql PyPI...
EUVD-2024-54929
Malicious code in bioql PyPI...
CVE-2024-13986
Nagios XI 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename...
CVE-2012-10054 Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE
Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter,...
PT-2025-33089 · Unknown · Umbraco Cms
Name of the Vulnerable Software and Affected Versions: Umbraco CMS versions prior to 4.7.1 Description: Umbraco CMS versions prior to 4.7.1 are susceptible to unauthenticated remote code execution through the codeEditorSave.asmx API endpoint. This endpoint exposes a SaveDLRScript operation that...
CVE-2012-10045
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...
CVE-2012-10045
XODA 0.4.5 contains an unauthenticated file upload vulnerability in the upload functionality. An attacker can upload a PHP file to the web-accessible files/ directory and trigger execution via a subsequent GET request, leading to remote code execution. Remediation/patch status not provided in the...
CVE-2012-10036
CVE-2012-10036 affects Project Pier
CVE-2012-10052 EGallery 1.2 Arbitrary PHP File Upload
EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory...
Vulnerability of the main and fileman modules of the 1C-Bitrix website management system: Website management that allows a hacker to gain unauthorized access to protected information beyond the web directory
Vulnerability of the main and fileman modules of the CMS system: Website management is related to vulnerabilities in path name restrictions for directories. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information beyond the web directory...
CVE-2023-31476
An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters the working directory is /www...
CVE-2023-33518
emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request...
CVE-2025-39567
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through = 1.7.8...
CVE-2025-39567
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through = 1.7.8...
CVE-2025-39567 WordPress Web Directory Free plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.8...
CVE-2025-39567
CVE-2025-39567 targets Shamalli Web Directory Free (WordPress plugin)
WordPress Web Directory Free plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by astra.r3verii in WordPress Plugin Web Directory Free versions = 1.7.8...
PT-2025-17184 · Unknown · Shamalli Web Directory Free
Name of the Vulnerable Software and Affected Versions: Shamalli Web Directory Free versions 1.7.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential...
WordPress plugin Web Directory Free 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...