12 matches found
CVE-2026-40040 Pachno 1.0.6 Unrestricted File Upload Remote Code Execution
Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile endpoint. Attackers can upload executable files .php5 scripts to web-accessible directories and execute th...
CVE-2026-26975
Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The music/playlists/update API allows users to bypass...
CVE-2021-47753
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...
CVE-2021-47753
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...
CVE-2025-24169
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.3, Safari 18.3. A malicious app may be able to bypass browser extension authentication...
Gym Management System 1.0 Remote Code Execution
Exploit Title: Gym Management System v1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Date: May 21th, 2020 Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/gym-management-system-project-in-php/ Version: 1.0 Teste...
CVE-2019-5778
CVE-2019-5778 affects Google Chrome/Chromium extensions. The available description states a missing case in handling special schemes during permission request checks in Extensions, allowing bypass of extension permission checks for privileged pages via a crafted Chrome Extension (pre 72.0.3626.81...
Google Chrome < 59.0.3071.86 Multiple Vulnerabilities
Binary data 700131.pasl...
easyadmin v1.0.5 comment.php has an arbitrary file upload vulnerability
EAdmin Minimalist Community is a free and open source, fast and simple community program that was created to quickly build a community and communication platform. easyadmin v1.0.5 comment.php has an arbitrary file upload vulnerability. The vulnerability occurs because the data submitted by visito...
Ajax Upload Arbitrary File Upload
Exploit for multiple platform in category web applications Exploit Title: Ajax Upload Arbitrary File Upload Date: 30/01/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Ajax Upload http://valums.com/ajax-upload/ Tested o...
Ajax Upload Shell Upload
Exploit Title: Ajax Upload Arbitrary File Upload Date: 30/01/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Ajax Upload http://valums.com/ajax-upload/ Tested on: Linux Comment Agradezco a mis amigos: Hernan Jais, Alfon...
Ajax Upload - Arbitrary File Upload
Exploit Title: Ajax Upload Arbitrary File Upload Date: 30/01/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Ajax Upload http://valums.com/ajax-upload/ Tested on: Linux Comment Agradezco a mis amigos: Hernan Jais, Alfon...