25 matches found
EUVD-2021-23178
Malware in sbrugna...
EUVD-2022-31758
Malicious code in bioql PyPI...
CVE-2021-38366
Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL...
CVE-2025-1646 Lumsoft ERP ASPX File UploadAjaxAPI.ashx unrestricted upload
A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of the argument file leads to unrestricted upload. The attack m...
CVE-2022-34919
The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands...
CVE-2022-27249
An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource...
Unrestricted file upload
An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource...
CVE-2022-27249
CVE-2022-27249 describes an unrestricted file upload in IdeaRE RefTree prior to 2021.09.17. The vulnerability allows remote authenticated users to upload a crafted aspx file to the web root via the UploadDwg feature and then access the resource to execute arbitrary code. Impact is high (remote co...
Unrestricted file upload leads to stored XSS
Description: A user can bypass checking and upload an .aspx file, which leads to stored XSS. Proof of Concept: Log in as admin: https://demo.microweber.org/demo/admin/. Go to Websites. Edit a page. Under Pictures, choose Add files. Instead of uploading a normal picture, use the below request to upload an...
SQL Injection Vulnerability in Worklog Us***_Ro***.aspx file of Shanghai Tsuen Lu Software Development Studio.
Worklog system: Worklog is a system that allows employees to record the content of their work and provide timely feedback to their superiors on difficulties encountered at work, while supervisors can assess the work of their employees and have the system generate KPI reports. Worklog UsRo.aspx file...
SQL injection vulnerability in Us***_Ro***.aspx file in the background of Qixing intranet OA system.
Qixing OA system (formerly Qixing Portal system) contains news, notifications, documents, gallery and process form content. A SQL injection vulnerability exists in the backend of Qixing Intranet OA System, which can be exploited by attackers to manipulate the database...
PT-2018-14577 · Microstrategy · Microstrategy Analytics
Name of the Vulnerable Software and Affected Versions: Microstrategy Analytics versions prior to 10.4.0026.0049. Description: The issue concerns a CSRF problem in the main.aspx file. The vendor has provided documentation for preventing CSRF attacks, but there is a disagreement on whether this issu...
CVE-2016-5050
Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file...
Unrestricted file upload
Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file...
Speed Tony CMS App_Site/SiteSearch.aspx file Title parameter SQL injection vulnerability
No description provided by source...
Umbraco CMS 4.x Arbitrary aspx File Upload Vulnerability
Umbraco CMS version 4.x is vulnerable to a remote code execution vulnerability. An attacker can upload files via an unsecured web service located at /umbraco/webservices/codeEditorSave.asmx method SaveDLRScript. I created this exploit because in some audits the public exploit that juan vazquez...