16 matches found
EUVD-2007-0865
Malware in sbrugna...
CVE-2025-7643
The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handleactions function in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...
CVE-2025-7643 Attachment Manager <= 2.1.2 - Unauthenticated Arbitrary File Deletion
The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handleactions function in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...
WordPress plugin Attachment Manager Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
PT-2025-30004 · WordPress · Attachment Manager
Name of the Vulnerable Software and Affected Versions: Attachment Manager plugin for WordPress versions up to and including 2.1.2 Description: The Attachment Manager plugin for WordPress is susceptible to arbitrary file deletion due to inadequate file path validation within the handle actions...
Apple iOS and Apple iPadOS Buffer Error Vulnerability
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS 15 and iPadOS 15 have a buffer error vulnerability that originates from a boundary error in the attachment manager. A...
Apple iPadOS Buffer Error Vulnerability
Apple iPadOS is a suite of operating systems from Apple Inc. for the iPad tablet computer. Apple iPadOS suffers from a buffer error vulnerability that originates from a boundary error in the Attachment Manager. An attacker can exploit the vulnerability to trigger excessive memory consumption and...
Microsoft Windows: Do not preserve zone information in file attachments
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winzoneinfoattachments.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Do not preserve zone information in file attachments users listed in HKU Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH...
Windows Attachment Manager Incorrect High Risk JAR Handling Vulnerability
The Windows Attachment Manager does not correctly handle JAR files marked as high risk when accessed via Internet Explorer 11. Scenario: The Windows Attachment Manager does not correctly handle JAR files marked as "high risk" when accessed via Internet Explorer 11. This leads to direct execution ...
WordPress Attachment Manager Plugin <= 2.1.1 - Arbitrary File Upload Vulnerability
WordPress Attachment Manager Plugin Arbitrary File Upload Vulnerability is prone to an arbitrary file upload vulnerability. In the function handeactions, it's missing an additional check for "page" and "wamaddicon" GET variables. Solution: Update the plugin...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information i...
CVE-2007-0869
Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information i...
CVE-2007-0869
CVE-2007-0869 affects Jelsoft vBulletin 3.6.4: an XSS vulnerability in the Attachment Manager (admincp/attachment.php) allows remote attackers to inject arbitrary script/HTML via the Extension field. The entry cites a possible duplicate of CVE-2007-0830 and notes uncertain provenance (information...
CVE-2007-0830
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, ...
CVE-2007-0830
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, ...
VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability
vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker could exploit this vulnerability to have arbitrary script code execute in the...