101 matches found
CVE-2022-41657
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker-provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately...
CVE-2022-2979 Omron CX-Programmer
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution...
dotCMS Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DotCMS RCE via Arbitrary File Upload.', 'Description' = %q When files are uploaded into dotCMS via the content API, but before they become conten...
CVE-2021-3129
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2...
CVE-2020-26108
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488)...
CVE-2013-3738
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code...
CVE-2015-1326 python-dbusmock arbitrary code execution or file overwrite when templates are loaded from /tmp
python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file...
CVE-2017-2617
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed...
1024 CMS 1.1.0 Beta - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/47282/info 1024cms is prone to multiple cross-site scripting vulnerabilities, multiple local file-include vulnerabilities, and a directory-traversal vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
CVE-2009-1373
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information...
EUVD-2008-5204
Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008...
CVE-2007-0787
CVE-2007-0787 describes a PHP remote file inclusion vulnerability in controller.php of the Simple Invoices application, before version 20070202. The flaw allows an attacker to execute arbitrary PHP code by supplying a URL in the module or view parameter. The underlying issue is improper handling ...
EUVD-2007-0362
PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter...
CVE-2006-4346
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the...
CVE-2006-3102
Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles...
Mail-it Now! Upload2Server Predictable Filename Upload Arbitrary Code Execution
The remote host is running Mail-it Now! Upload2Server, a free, PHP feedback form script supporting file uploads. The version of Upload2Server installed on the remote host stores uploaded files insecurely. An attacker may be able to exploit this flaw to upload a file with arbitrary code and then...
AzDGDatingLite V 2.1.3 remote code execution
AzDGDatingLite V 2.1.3 possibly prior versions remote code execution not yet tested the Platinum version software: site: http://www.azdg.com/ download page: http://www.azdg.com/scripts.php?l=english description:" AzDGDatingLite is a Free dating script working on PHP and MySQL. Multilanguage,...
KorWeblog < 1.6.2 Multiple Vulnerabilities
The remote host is using KorWeblog, a web-based log application written in PHP. According to its banner, the installed version of KorWeblog is earlier than 1.6.2. Such versions are reportedly affected by several vulnerabilities that may allow execution of arbitrary PHP code or retriev...
ID Software Quake II Server 3.2 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/11551/info Multiple remote vulnerabilities have been reported to affect Quake II. These issues are due to boundary condition checking failures, access validation failures and failures to handle...
DSA-515 lha - several vulnerabilities
Bulletin has no description...