108 matches found
CVE-2026-45233
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...
CVE-2026-45233
The CVE details a path traversal in HTMLy CMS (up to version 3.1.1) where an authenticated, low-privilege user can relocate arbitrary files via the admin autosave endpoint. The root cause is unsanitized directory traversal sequences passed to file_exists() and rename() in admin.php without canoni...
CVE-2026-45233 HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...
EUVD-2026-39459
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...
CVE-2026-45233 HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...
CVE-2026-45233 HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...
EUVD-2026-36536
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...
CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...
CVE-2026-10715
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type//drafts and overwrite the draft of another user’s post. Affected component: draft autosave f...
CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...
CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...
CVE-2020-36917
iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middl...
EUVD-2021-19658
Malware in sbrugna...
EUVD-2012-2102
Malware in sbrugna...
EUVD-2021-19666
Malware in sbrugna...
EUVD-2021-19674
Malware in sbrugna...
EUVD-2021-19670
Malware in sbrugna...
EUVD-2021-19654
Malware in sbrugna...
EUVD-2021-19682
Malware in sbrugna...
EUVD-2021-19678
Malware in sbrugna...