18 matches found

Positive Technologies
added 2026/03/05 12:0 a.m. | 2 views

PT-2026-23513

Name of the Vulnerable Software and Affected Versions Aranda Service Desk Web Edition ASDK API version 8.6 Description An issue allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file ...

CVSS 8.8 | AI score 6.5 | EPSS 0.00496
Exploits: 0 | References: 7

CNVD
added 2025/10/30 12:0 a.m. | 2 views

JeecgBoot Path Traversal Vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has a path traversal vulnerability that stems from a path traversal vulnerability in the interface...

CVSS 6.3 | AI score 5.9 | EPSS 0.00054
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-32040

Malicious code in bioql PyPI...

CVSS 6.3 | AI score 6.6 | EPSS 0.00054
Exploits: 1 | References: 2

RedhatCVE
added 2025/10/02 11:27 p.m. | 4 views

CVE-2025-61189

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...

CVSS 6.3 | AI score 6.9 | EPSS 0.00054
Exploits: 1 | References: 1

NVD
added 2025/10/01 8:18 p.m. | 2 views

CVE-2025-61189

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...

CVSS 6.3 | EPSS 0.00054
Exploits: 1 | References: 1

OSV
added 2025/10/01 8:18 p.m. | 1 views

CVE-2025-61189

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...

CVSS 6.3 | AI score 6.9
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/01 12:0 a.m. | 1 views

CVE-2025-61189

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...

AI score 6.5 | EPSS 0.00054
Exploits: 1 | References: 1

Cvelist
added 2025/10/01 12:0 a.m. | 3 views

CVE-2025-61189

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...

EPSS 0.00054
Exploits: 1 | References: 1

CNVD
added 2019/07/18 12:0 a.m. | 1 views

File Upload Vulnerability in Website Management System of Kunshan Unicom Technology

Kunshan U-Net Information Technology Co., Ltd. is a website design company that integrates website construction with visual design development and brand online marketing promotion. A file upload vulnerability exists in the website management system of Kunshan YouNET Technology. An attacker can us...

AI score 7.1
Exploits: 0

OSV
added 2018/10/01 8:29 a.m. | 0 views

CVE-2018-17836

An issue was discovered in JTBCPHP 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload...

CVSS 8.8 | AI score 5.9
Exploits: 0 | References: 1

securityvulns
added 2009/03/09 12:0 a.m. | 24 views

SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code execution exploit (IE6/7)

SupportSoft DNA Editor Module dnaedit.dll v6.9.2205 remote code execution exploit IE6/7 by Nine:Situations:Group::bruiser vendor url: http://www.supportsoft.com/ our site: http://retrogod.altervista.org/ details: CLSID: 01110800-3E00-11D2-8470-0060089874ED Progid: Tioga.Editor.1 Binary Path:...

AI score 0.8
Exploits: 0

seebug.org
added 2009/03/06 12:0 a.m. | 27 views

SupportSoft DNA Editor Module (dnaedit.dll) Code Execution Exploit

No description provided by source. SupportSoft DNA Editor Module dnaedit.dll v6.9.2205 remote code execution exploit IE6/7 by Nine:Situations:Group::bruiser vendor url: http://www.supportsoft.com/ our site: http://retrogod.altervista.org/ details: CLSID: 01110800-3E00-11D2-8470-0060089874ED...

AI score 7.1
Exploits: 0

Prion
added 2008/10/15 10:45 p.m. | 10 views

Design/Logic Flaw

Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control ISDM.exe 6.1.100.61372 in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this...

CVSS 9.3 | AI score 8 | EPSS 0.08898
Exploits: 0 | References: 6 | Affected Software: 1

ATTACKERKB
added 2008/10/15 10:45 p.m. | 1 views

CVE-2008-4587

Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control ISDM.exe 6.1.100.61372 in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this...

CVSS 9.3 | AI score 6.4 | EPSS 0.08898
Exploits: 0 | References: 7

seebug.org
added 2008/01/31 12:0 a.m. | 20 views

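Persits Software XUpload AddFile() Method Remote Stack Overflow Vulnerability

BUGTRAQ ID: 27456 XUpload is a powerful client-side upload ActiveX control that allows users to upload multiple files at once. A buffer overflow vulnerability exists in the implementation of the XUpload ActiveX control, which a remote attacker may exploit to take control of a user's system. The Persits.XUpload.2 ActiveX control (XUpload.ocx) in XUpload does not correctly handle input parameters passed to the AddFile method; if a user is tricked into visiting a malicious web page that passes an overlong string argument to this method, a stack overflow may be triggered, leading to execution of arbitrary instructions. Persits XUpload 3.0.0.4 Persits XUpload 2.1.0.1 Vendor patch: Persits...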

AI score 6.9
Exploits: 0

Exploit DB
added 2008/01/25 12:0 a.m. | 40 views

Persits XUpload 3.0 - 'AddFile()' Remote Buffer Overflow

Persits XUpload 3.0 AddFile Buffer Overflow Exploit function Check // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" +...

AI score 7.4
Exploits: 0

seebug.org
added 2007/07/20 12:0 a.m. | 18 views

Versalsoft HTTP File Uploader AddFile() Remote Buffer Overflow Exploit

No description provided by source. Versalsoft HTTP File Uploader UFileUploaderD.dll v. 6.0.0.38 "AddFile" method Remote Buffer Overflow...

AI score 7.1
Exploits: 0

Cvelist
added 2007/05/09 6:0 p.m. | 17 views

CVE-2007-2563

Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control UFileUploaderD.dll allows remote attackers to execute arbitrary code via a long argument...

AI score 7.9 | EPSS 0.0726
Exploits: 0 | References: 7