
9 matches found

VulnCheck KEV
added 2026/04/20 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2025-2749

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...

CVSS 7.2 | AI score 6.5 | EPSS 0.04892
In wild | Exploits 1 | References 2
RedhatCVE
added 2026/03/10 2:8 p.m. | 1 views

CVE-2025-41765

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...

CVSS 9.1 | AI score 5.9 | EPSS 0.00032
Exploits 0 | References 1
ATTACKERKB
added 2026/03/09 8:17 a.m. | 1 views

CVE-2025-41765

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...

CVSS 9.1 | AI score 5.9 | EPSS 0.00032
Exploits 0 | References 2
RedhatCVE
added 2025/10/23 6:59 a.m. | 10 views

CVE-2025-41720

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...

CVSS 4.3 | AI score 7.1 | EPSS 0.00025
Exploits 0 | References 1
EUVD
added 2025/10/22 6:52 a.m. | 2 views

EUVD-2025-35333

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...

CVSS 4.3 | AI score 6.7 | EPSS 0.00025
Exploits 0 | References 2
CVE
added 2025/10/22 6:52 a.m. | 7 views

CVE-2025-41720

CVE-2025-41720 affects Sauter modu680-AS (modular automation station with a web server). The issue arises when the webserver API validates only the file extension, allowing a low-privileged remote attacker to upload arbitrary data masked as a PNG file. The root cause is insufficient validation of...

CVSS 4.3 | AI score 6.8 | EPSS 0.00025
Exploits 0 | References 1
CNNVD
added 2025/10/22 12:0 a.m. | 0 views

Sauter modu680-AS security vulnerability

Sauter modu680-AS is a modular automation station cum web server from Sauter, Switzerland. A security vulnerability exists in Sauter modu680-AS, which stems from validating only file extensions and could lead to the upload of arbitrary data by a low-privileged remote attacker...

CVSS 4.3 | AI score 7 | EPSS 0.00025
Exploits 0 | References 2
seebug.org
added 2014/07/01 12:0 a.m. | 29 views

Support Incident Tracker <= 3.65 Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

CVSS 6 | AI score 6.4 | EPSS 0.37501
Exploits 7
Packet Storm
added 2009/10/30 12:0 a.m. | 59 views

Simple PHP Blog 0.4.0 Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Simple PHP...

CVSS 7.5 | EPSS 0.79937
Exploits 3