6 matches found
CVE-2025-34163
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...
CVE-2020-11598
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file...
Code injection
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file...
CVE-2020-11598
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file...
CVE-2020-11598
CVE-2020-11598 affects CIPPlanner CIPAce 9.1 Build 2019092801; Upload.ashx lets remote attackers upload and execute an ASHX file to achieve arbitrary code execution. The connected sources corroborate a code-execution vector via file upload, with no explicit exploit details or patch information pr...
Taoyuan Network Hard Drive 2. x for . NET version of the arbitrary file upload vulnerability-vulnerability warning-the black bar safety net
No filter ashx Upload 1. ashx file To access the directory http://www/myfile/ η¨ζ·ε /1.ashx %@ WebHandler Language="C" Class="Handler" % using System; using System. Web; public class Handler : IHttpHandler public void ProcessRequest HttpContext context context. Response. ContentType = "text/plain";...