9 matches found
CVE-2025-3169
CVE-2025-3169 affects Projeqtor up to 12.0.2. The vulnerability resides in the file /tool/saveAttachment.php where manipulating the attachmentFiles parameter enables unrestricted uploads. It can be triggered remotely, with attack complexity rated as high; exploitation is known to be difficult and...
CVE-2024-13641
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for...
PT-2025-6590 · WordPress · The Return Refund/Exchange For Woocommerce – Return Management System
Name of the Vulnerable Software and Affected Versions: The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress versions up to, and including, 4.4.5 Description: The issue allows unauthenticated attackers to...
CVE-2021-33353
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting...
Wyomind Magento Path Traversal Vulnerability
Wyomind Magento is a ticketing system from Wyomind. A security vulnerability exists in Wyomind Help Desk Magento 2 extension version v.1.3.6 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code via file attachment directory settings...
Starbucks: sdrc.starbucks.com - Information Disclosure via unsecured attachment directory
l00ph0le submitted a valid high severity XSS vulnerability report for sdrc.starbucks.com. After Starbucks confirmed this vulnerability and advised this asset was not in scope, l00ph0le performed additional analysis and research to uncover an unsecured attachment directory which elevated this to a...
NetCms website management system upload vulnerability and fix-vulnerability warning-the black bar safety net
NetCms website management system upload vulnerability and fix Vulnerabilities Web application: NetCms website management system Vulnerability in the file the website registration address: /user/login.aspx 1. First of all, we in the Baidu or Google search keywords: “NetCms site management system” ! ...
Privilege escalation vulnerability when administrator access is compromised
Note: This issue is superseded by JRA-21004. Please install the patches on that issue, rather than this one. For more details, see JIRA Security Advisory -...
squirrelmail: squirrelspell plugin check_me.mod.php bug
Squirrelspell v0.3.1 is known to be affected, vulnerability of other versions is unknown. The buggy code extraction: --------------------- // Define the command used to spellcheck the document. $sqspellcommand=$SQSPELLAPP...