21 matches found
EUVD-2022-2570
Malicious code in bioql PyPI...
Arbitrary File Upload
Mattermost is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of upload types because remote cluster upload sessions allow system admins to upload non-attachment file types, potentially enabling placement of files in arbitrary filesystem directories...
CVE-2025-49222
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2, 10.10.x <= 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared channels that could potentially be placed in...
GHSA-Q453-638C-H4MR Mattermost Fails to Validate Remote Cluster Upload Sessions
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2, 10.10.x <= 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared channels that could potentially be placed in...
CVE-2025-49222 Mattermost Shared Channel Upload Type Validation Bypass
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2, 10.10.x <= 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared channels that could potentially be placed in...
CVE-2025-49222
Mattermost CVE-2025-49222 affects Mattermost Server versions 9.11.x, 10.5.x, 10.8.x, 10.9.x, and 10.10.x, where upload type validation in remote cluster upload sessions can be bypassed, allowing a system admin to upload non‑attachment file types that may be placed in arbitrary filesystem director...
CVE-2019-17051
Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file...
Projeqtor code issue vulnerability
Projeqtor is open source, PHP-based project management software from the Projeqtor community. It is used to organize the various functions required across multiple projects and is suited to IT projects. A code issue vulnerability exists in Projeqtor 12.0.2 and earlier versions, which stem...
CVE-2024-9626
The Editorial Assistant by Sovrn plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxzemantasetfeaturedimage' function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-lev...
CVE-2023-5355 Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion
The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server...
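The summary above describes the classic failure behind arbitrary file deletion: a user-supplied name is joined onto the temporary attachment directory and unlinked without checking where it actually resolves. The following Python is an added example written for this page, not code from the Awesome Support plugin (which is PHP) or from WordPress; the directory layout, file names and the `resolve_inside` helper are constructed here to show the vulnerable pattern next to the hardened one. It generalizes slightly beyond the plugin's case by also rejecting a symlink planted inside the temp directory, since `realpath` follows links before the containment check.

```python
import os
import tempfile
from typing import Optional


def resolve_inside(base_dir: str, requested: str) -> Optional[str]:
    """Return the canonical path of `requested` only if it lies inside base_dir.

    realpath() collapses '..' segments and follows symlinks, so both a
    traversal string and a symlink pointing outside the directory come back
    as a path outside `base` and are rejected.  (Hypothetical helper.)
    """
    base = os.path.realpath(base_dir)
    # A leading separator would make os.path.join discard `base`, so strip it.
    candidate = os.path.realpath(os.path.join(base, requested.lstrip("/\\")))
    try:
        if os.path.commonpath([base, candidate]) != base:
            return None
    except ValueError:  # paths on different drives (Windows)
        return None
    if candidate == base:  # the directory itself is never a valid target
        return None
    return candidate


def delete_temp_attachment_unsafe(base_dir: str, requested: str) -> bool:
    """Vulnerable pattern: trusts the submitted name and unlinks whatever it hits."""
    path = os.path.join(base_dir, requested)
    if os.path.isfile(path):
        os.unlink(path)
        return True
    return False


def delete_temp_attachment(base_dir: str, requested: str) -> bool:
    """Hardened pattern: unlink only a regular file whose canonical path is inside base_dir."""
    target = resolve_inside(base_dir, requested)
    if target is None or not os.path.isfile(target):
        return False
    os.unlink(target)
    return True


def demo() -> dict:
    """Constructed fixture: a temp attachment dir holding one upload, plus a
    sensitive file two levels up that a ticket submitter must not be able to remove."""
    root = tempfile.mkdtemp()
    tmp = os.path.join(root, "awesome-support", "tmp")
    os.makedirs(tmp)
    upload = os.path.join(tmp, "ticket-42.png")
    secret = os.path.join(root, "wp-config.php")
    for p in (upload, secret):
        with open(p, "w") as fh:
            fh.write("constructed sample content\n")

    results = {}
    results["hardened_rejects_traversal"] = delete_temp_attachment(tmp, "../../wp-config.php")
    results["secret_still_present"] = os.path.exists(secret)

    # Symlink inside the temp dir pointing at the secret; skipped where symlinks are unsupported.
    link = os.path.join(tmp, "link.png")
    try:
        os.symlink(secret, link)
        results["hardened_rejects_symlink"] = delete_temp_attachment(tmp, "link.png")
    except OSError:
        results["hardened_rejects_symlink"] = False

    results["hardened_deletes_legit"] = delete_temp_attachment(tmp, "ticket-42.png")
    results["upload_gone"] = not os.path.exists(upload)

    # The unsafe variant happily walks out of the directory.
    results["unsafe_deletes_outside"] = delete_temp_attachment_unsafe(tmp, "../../wp-config.php")
    results["secret_gone"] = not os.path.exists(secret)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The containment test compares canonical paths, not the raw string, so `basename()`-style stripping or a substring check on `..` is not needed and would be weaker; the same `resolve_inside` check belongs in front of every unlink, rename or read that takes a client-supplied name.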
CVE-2020-5582
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors...
Remote code execution
Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file...
phpMyFAQ cross-site request forgery vulnerability (CNVD-2017-33507)
phpMyFAQ is an open source, fully database-driven FAQ question-and-answer system developed by the phpMyFAQ team. The system supports multiple languages and multiple databases, and includes modules such as a content management system and a community. A cross-site request forgery vulnerability exists...
Threat Outbreak Alert RuleID14931: Email Messages Distributing Malicious Software on July 1, 2015
Medium Alert ID: 38539 First Published: 2015 April 27 14:34 GMT Last Updated: 2015 July 2 13:20 GMT Version: 7 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID14931 and...
Threat Outbreak Alert RuleID7930: Email Messages Distributing Malicious Software on August 11, 2015
Medium Alert ID: 37188 First Published: 2015 January 28 15:47 GMT Last Updated: 2015 August 11 19:55 GMT Version: 64 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID7930KV...
Debian Security Advisory DSA 1154-1 (squirrelmail)
The remote host is missing an update to squirrelmail announced via advisory DSA 1154-1. James Bercegay of GulfTech Security Research discovered a vulnerability in SquirrelMail where an authenticated user could overwrite random variables in the compose script. This might be exploited to read or wri...
Debian: Security Advisory (DSA-1154)
The remote host is missing an update for the Debian...
Debian DSA-1154-1 : squirrelmail - variable overwriting
James Bercegay of GulfTech Security Research discovered a vulnerability in SquirrelMail where an authenticated user could overwrite random variables in the compose script. This might be exploited to read or write the preferences or attachment files of other users.