13 matches found
EUVD-2007-5034
Malware in sbrugna...
EUVD-2013-1857
Malware in sbrugna...
CVE-2015-8832
Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .php...
CVE-2015-8832
Dotclear before 2.8.2 has multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php that allow remote authenticated users with the permissions to “manage their own media items” and “manage their own entries and comments” to upload a file with a (1) .pht, (2) .phps, or (3) .phtml...
CVE-2016-0760
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions...
CVE-2016-0760
CVE-2016-0760 pertains to Apache Sentry prior to 1.7.0, where multiple incomplete blacklist checks allow remote authenticated users to execute arbitrary code through the Hive builtin functions reflect, reflect2, and java_method. The linked records (NVD, OSV, CNVD, CVE lists) consistently describe...
Input validation
Multiple incomplete blacklist vulnerabilities in the serendipityisActiveFile function in include/functionsimages.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension...
CVE-2015-6968
Multiple incomplete blacklist vulnerabilities in the serendipityisActiveFile function in include/functionsimages.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension...
Input validation
Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file...
CVE-2013-1850
CVE-2013-1850 affects ownCloud Server prior to 4.0.13 and prior to 4.5.8 (4.5.x). The vulnerability is an incomplete blacklist in apps/contacts/import.php and apps/contacts/ajax/uploadimport.php that allows authenticated remote users to upload a .htaccess file and thereby achieve arbitrary PHP co...
Input validation
Multiple incomplete blacklist vulnerabilities in the Simple File Upload modsimplefileuploadv1.3 module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request t...
CVE-2011-5148
Multiple incomplete blacklist vulnerabilities in the Simple File Upload modsimplefileuploadv1.3 module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request t...
CVE-2007-5053
CVE-2007-5053 affects iziContents 1 RC6 and earlier. The vulnerability consists of multiple incomplete blacklist flaws that allow remote attackers to execute arbitrary PHP code via crafted URLs in various parameters across modules (e.g., admin_home in modules/poll/poll_summary.php; rootdp in incl...