
3319 matches found

NVD
added 2025/08/28 6:15 p.m. · 2 views

CVE-2025-58048

Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read...

CVSS 9.9 · EPSS 0.0013
Exploits: 0 · References: 3
CVE
added 2025/08/28 5:31 p.m. · 10 views

CVE-2025-58048

CVE-2025-58048 affects Paymenter before version 1.2.11. The ticket attachments feature lets an authenticated user upload arbitrary files, enabling sensitive data extraction, credentials read from configuration files, and arbitrary commands executed under the web server user. A fix was released in...

CVSS 9.9 · AI score 6.7 · EPSS 0.0013
Exploits: 0 · References: 3
OSV
added 2025/08/28 5:31 p.m. · 1 view

CVE-2025-58048 Paymenter Vulnerable to Remote Code Execution via Public File Uploads

Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read...

CVSS 9.9 · AI score 7.1 · EPSS 0.0013
Exploits: 0 · References: 5
CNNVD
added 2025/08/28 12:0 a.m. · 1 view

Paymenter Code Issue Vulnerability

Paymenter is open-source online store hosting software from Paymenter. A code issue vulnerability exists in Paymenter versions prior to 1.2.11; it stems from the ticket attachment feature, which allows the upload of arbitrary files and could lead to sensitive data disclosure or system...

CVSS 9.9 · AI score 7.1 · EPSS 0.0013
Exploits: 0 · References: 4
Positive Technologies
added 2025/08/28 12:0 a.m. · 1 view

PT-2025-35120

Name of the Vulnerable Software and Affected Versions: Paymenter versions prior to 1.2.11
Description: Paymenter is a free and open-source webshop solution for hostings. The ticket attachments functionality allows a malicious authenticated user to upload arbitrary files. This could result in...

CVSS 9.9 · AI score 6.5 · EPSS 0.0013
Exploits: 0 · References: 10
Tenable Nessus
added 2025/08/27 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-3248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Xpdf 4.05 and earlier, a PDF object loop in the attachments leads to infinite recursion and a stack overflow. CVE-2024-3248 Note that Nessus relies on the...

CVSS 5.5 · AI score 5.9 · EPSS 0.00024
Exploits: 1 · References: 2
Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-28184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs ...

CVSS 7.4 · AI score 7.1 · EPSS 0.00123
Exploits: 0 · References: 2
RedhatCVE
added 2025/08/24 12:13 a.m. · 2 views

CVE-2024-56179

In MindManager Windows versions prior to 24.1.150, attackers could potentially write to unexpected directories in victims' machines via directory traversal if victims opened file attachments located in malicious mmap files...

CVSS 7.8 · AI score 7.1 · EPSS 0.00086
Exploits: 0 · References: 1
RedhatCVE
added 2025/08/24 12:13 a.m. · 3 views

CVE-2025-43752

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

CVSS 5.3 · AI score 6.9 · EPSS 0.0011
Exploits: 0 · References: 1
Tenable Nessus
added 2025/08/24 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-19206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

CVSS 6.1 · AI score 6 · EPSS 0.00446
Exploits: 0 · References: 2
OSV
added 2025/08/22 3:30 a.m. · 3 views

GHSA-QPP6-F3QJ-RGGQ Liferay Portal's Unlimited File Upload Could Result in DoS

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

CVSS 5.3 · AI score 6.8 · EPSS 0.0011
Exploits: 0 · References: 7
Github Security Blog
added 2025/08/22 3:30 a.m. · 5 views

Liferay Portal's Unlimited File Upload Could Result in DoS

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

CVSS 6.5 · AI score 6.8 · EPSS 0.0011
Exploits: 0 · References: 7 · Affected Software: 1
NVD
added 2025/08/22 1:16 a.m. · 2 views

CVE-2025-43752

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

CVSS 6.5 · EPSS 0.0011
Exploits: 0 · References: 1
Vulnrichment
added 2025/08/22 12:0 a.m. · 2 views

CVE-2025-43752

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

CVSS 5.3 · AI score 6.8 · EPSS 0.0011
Exploits: 0 · References: 1
Cvelist
added 2025/08/22 12:0 a.m. · 3 views

CVE-2025-43752

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

CVSS 5.3 · EPSS 0.0011
Exploits: 0 · References: 1
CVE
added 2025/08/22 12:0 a.m. · 15 views

CVE-2025-43752

Summary: CVE-2025-43752 affects Liferay Portal 7.4.x (including 7.4 GA up to update 92) and Liferay DXP 2025.Q1.x (and 2024 Q1–Q4 releases), where an unrestricted file upload via object entries attachment fields allows unlimited files to be stored in document_library, enabling potential DoS via r...

CVSS 6.5 · AI score 6.8 · EPSS 0.0011
Exploits: 0 · References: 1 · Affected Software: 2
Vulnrichment
added 2025/08/22 12:0 a.m. · 2 views

CVE-2024-56179

In MindManager Windows versions prior to 24.1.150, attackers could potentially write to unexpected directories in victims' machines via directory traversal if victims opened file attachments located in malicious mmap files...

AI score 6.5 · EPSS 0.00086
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/22 12:0 a.m. · 3 views

PT-2025-34365 · Liveshare · Mindmanager

Name of the Vulnerable Software and Affected Versions: MindManager versions prior to 24.1.150
Description: In MindManager for Windows, a directory traversal issue allows attackers to potentially write to unexpected directories on a victim’s machine. This occurs when a user opens file attachments...

CVSS 7.8 · AI score 6.5 · EPSS 0.00086
Exploits: 0 · References: 6
CVE
added 2025/08/22 12:0 a.m. · 11 views

CVE-2024-56179

CVE-2024-56179 affects MindManager for Windows. Prior to version 24.1.150, the product is vulnerable to a directory-traversal issue when a user opens file attachments located in malicious mmap files, potentially allowing writing to unintended directories on the victim’s machine. Root cause: trave...

CVSS 7.8 · AI score 6.6 · EPSS 0.00086
Exploits: 0 · References: 2
Cvelist
added 2025/08/22 12:0 a.m. · 6 views

CVE-2024-56179

In MindManager Windows versions prior to 24.1.150, attackers could potentially write to unexpected directories in victims' machines via directory traversal if victims opened file attachments located in malicious mmap files...

EPSS 0.00086
Exploits: 0 · References: 2