26 matches found
EUVD-2016-2011
Malware in sbrugna...
EUVD-2008-0245
Malware in sbrugna...
EUVD-2008-7116
Malware in sbrugna...
EUVD-2002-2324
Malware in sbrugna...
EUVD-2024-47944
Malicious code in bioql PyPI...
CVE-2016-11020
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution...
PT-2024-36436 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0 Description: A Stored Cross Site Scripting (XSS) issue was found in the /teacher avatar.php file. This allows remote attackers to execute arbitrary JavaScript via the filename parameter...
WordPress plugin School Management System code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in WordPress plugin...
CVE-2024-6958
A vulnerability classified as critical was found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /st_update.php of the component Avatar File Handler. The manipulation of the argument personalimage leads to unrestricted upload. The attack can be...
CVE-2024-6958 itsourcecode University Management System Avatar File st_update.php unrestricted upload
A vulnerability classified as critical was found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /st_update.php of the component Avatar File Handler. The manipulation of the argument personalimage leads to unrestricted upload. The attack can be...
PT-2024-37997 · Itsourcecode · Itsourcecode University Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode University Management System version 1.0 Description: A critical issue was found in the Avatar File Handler component of the itsourcecode University Management System, specifically affecting the file /st_update.php. The...
CVE-2023-5829
A vulnerability was found in code-projects Admission Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file studentavatar.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been...
PT-2023-32361 · Code Projects · Code-Projects Admission Management System
Name of the Vulnerable Software and Affected Versions: code-projects Admission Management System version 1.0 Description: A critical issue affects some unknown functionality of the file student avatar.php, leading to unrestricted upload. The attack can be launched remotely. Recommendations: For...
CVE-2022-0442 UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged-in user to overwrite another user's avatar...
CVE-2020-12846
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe, sh, bat, jar) in the Contact section of the mailbox as an avatar image for ...
Remote code execution
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe, sh, bat, jar) in the Contact section of the mailbox as an avatar image for ...
phpBB <= 2.0.21 (Poison NULL Byte) Remote Exploit
No description provided by source. !/usr/bin/perl -w Author: ShAnKaR Title: multiple PHP application poison NULL byte vulnerability Applications: phpBB 2.0.21, punBB 1.2.12 Threat Level: Critical Original advisory in Russian: http://www.security.nnov.ru/Odocument221.html Poison NULL byte...