CVE-2025-63293
FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...
EUVD-2008-0579
Malware in sbrugna...
Design/Logic Flaw
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section...
Input validation
The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors...
CVE-2008-0569
The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors...
CVE-2008-0569
The CVE-2008-0569 entry concerns Drupal’s Comment Upload module. Affected: Comment Upload 4.7.x (before 4.7.x-0.1) and 5.x (before 5.x-0.1). Root cause: the module does not properly use functions in the upload module, allowing bypass of upload validation. Impact: remote attackers may upload arbit...