12 matches found
EUVD-2019-8670
Malware in sbrugna...
EUVD-2025-19026
Malicious code in bioql PyPI...
EUVD-2024-38271
Malicious code in bioql PyPI...
CVE-2025-32977
Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 allows unauthenticated users to upload backup files to the system. While signature validation is implemented,...
CVE-2024-8746 File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mkfilefoldermanagershortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if grant...
Design/Logic Flaw
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password...
CVE-2019-19020
CVE-2019-19020 affects TitanHQ WebTitan up to version 5.17. An attacker with a valid WebTitan web interface account can upload a crafted backup file that allows arbitrary code execution by overwriting existing files or adding new PHP files under the web root. This results in remote code execution...
CVE-2019-19020
An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to ha...
Xiaomi Mi WiFi R3G Command Injection Vulnerability
The Xiaomi Mi WiFi R3G is a 3G router from the Chinese company Xiaomi Technology. A security vulnerability exists in the Xiaomi Mi WiFi R3G backup file upload handling, which allows remote attackers to exploit the vulnerability to submit a special request that can execute arbitrary OS commands...
CVE-2019-18370
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...
CVE-2018-16093
CVE-2018-16093 affects Lenovo XClarity Integrator for VMware prior to version 5.5. An authenticated user can write to arbitrary system files due to insufficient filtering during backup file uploads. CNVD/NVD entries corroborate this behavior. Remediation: upgrade LXCI for VMware to version 5.5 or...
File Upload Vulnerability in SEMCMS_ASP_v4.5
SemCMS is an open source foreign trade enterprise website management system, written in vbscript language, combined with iis running, SemCMS is very suitable for foreign trade enterprises, e-commerce Internet use. SemCms ASPv4.5 version of the editor database backup file upload vulnerability ,...