11 matches found
📄 Peyara Remote Mouse 1.0.1 Shell Upload / Code Execution
The Peyara Remote Mouse desktop control software exposes an unauthenticated file upload endpoint, along with an unauthenticated WebSocket control channel. An attacker can upload arbitrary files including .LNK shortcuts to the victim environment and trigger command execution via simulated...
EUVD-2025-28860
Malicious code in bioql PyPI...
SpecialFolderDatablock - Windows LNK File Special UNC Path NTLM Leak
This module creates a malicious Windows shortcut LNK file that specifies a special UNC path in SpecialFolderDatablock of Shell Link .LNK that can trigger an authentication attempt to a remote server. This can be used to harvest NTLM authentication credentials. When a victim browse to the location...
CVE-2025-9491
CVE-2025-9491 is a Microsoft Windows LNK file UI misrepresentation vulnerability. The flaw lies in how Windows handles .LNK/shortcuts, where crafted whitespace padding can hide malicious command-line arguments from the target user’s view, enabling arbitrary code execution in the context of the cu...
CVE-2019-19731
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder...
The vulnerability of the .LNK-file processing mechanism in Windows operating systems allows a hacker to secretly execute arbitrary operating system commands.
The vulnerability of the .LNK file processing mechanism in Windows operating systems is related to information representation errors in the user interface. Exploiting this vulnerability allows an attacker to secretly execute arbitrary commands on the operating system by sending a specially crafte...
Path traversal
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder...
CVE-2019-19731
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder...
CVE-2019-19731
CVE-2019-19731 affects Roxy Fileman 1.4.5 for .NET. The vulnerability is a path traversal flaw that allows a remote attacker to write uploaded files to arbitrary locations via the RENAMEFILE action. Documents describe that this can enable code execution by uploading a crafted Windows shortcut fil...
Roxy Fileman 1.4.5 - Directory Traversal
Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal Author: Patrik Lantz Date: 2019-12-06 Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE: CVE-2019-19731 Tested on: ASP.NET 4.0.30319 and...
Roxy Fileman 1.4.5 - Directory Traversal
Roxy Fileman 1.4.5 - Directory Traversal Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal Author: Patrik Lantz Date: 2019-12-06 Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE:...