309 matches found
CVE-2026-33507 AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginImport.json.php endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protection. Combined with the application explicitly setting...
Exploit for CVE-2026-3891
Pix for WooCommerce 📜 Description...
Online-Traffic-Offense-Management-System-1.0-Unauthenticated-RCE-PoC
Online Traffic Offense Management System 1.0 — Unauthenticated...
📄 Dell RecoverPoint for Virtual Machines Shell Upload
This proof of concept leverage Tomcat manager credentials to upload and execute a malicious WAR file containing a JSP web shell on Dell RecoverPoint appliances...
CVE-2020-36973
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...
CVE-2020-36973 PDW File Browser 1.3 - Remote Code Execution
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...
EUVD-2020-30880
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...
CVE-2020-36973 PDW File Browser 1.3 - Remote Code Execution
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...
CVE-2020-36973
PDW File Browser 1.3 is affected by a remote code execution vulnerability that lets authenticated users upload and rename webshell files to arbitrary web server locations. An attacker can upload a .txt webshell, rename it to .php, and move it into accessible directories using double-encoded path ...
CVE-2020-36973
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...
PDW-File-Browser security vulnerability
PDW-File-Browser is a file browser developed by Michal Charemza. Version 1.3 of PDW-File-Browser has a security vulnerability; this vulnerability stems from the ability to upload and rename webshell files, which may lead to remote code execution...
PT-2026-5164
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...
CVE-2019-12803
In Hunesion i-oneNet version 3.0.7 3.0.53 and 4.0.4 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system comman...
Compuware iStrobe Web 代码问题漏洞
Compuware iStrobe Web is a mainframe performance analysis and optimization tool from Compuware Corporation. A code issue vulnerability exists in Compuware iStrobe Web version 20.13, which arises from a path traversal in the file upload form that could result in the upload of a JSP webshell and th...
EUVD-2025-202447
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...
CVE-2025-34392
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...
CVE-2025-34392
Barracuda Service Center (as implemented in Barracuda RMM) prior to version 2025.1.1 contains an insufficient WSDL URL validation in attacker-controlled WSDLs, enabling arbitrary file write and remote code execution via webshell uploads. Affected products include Barracuda RMM’s Service Center in...
CVE-2025-41347
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'...
CVE-2025-41347
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'...
CVE-2025-41347 Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'...