Lucene search

17 matches found

EUVD
added 2026/04/17 6:31 p.m. · 19 views

EUVD-2026-23459

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.6. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default...

8.1 CVSS · 6.2 AI score · 0.04175 EPSS
Exploits 3 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2011-1579

Malware in sbrugna...

4.3 CVSS · 6 AI score · 0.02591 EPSS
Exploits 1 · References 18
Talos
added 2023/11/27 12:0 a.m. · 36 views

Foxit Reader Javascript exportDataObject HTA file creation vulnerability

Talos Vulnerability Report TALOS-2023-1834 Foxit Reader Javascript exportDataObject HTA file creation vulnerability November 27, 2023 CVE Number CVE-2023-35985 SUMMARY An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a...

8.8 CVSS · 8.8 AI score · 0.02673 EPSS
Exploits 1
SUSE CVE
added 2023/02/15 6:16 a.m. · 4 views

SUSE CVE-2006-0236

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an...

5.1 CVSS · 7.8 AI score · 0.02009 EPSS
Exploits 0 · References 3
Huntr
added 2022/06/02 4:34 p.m. · 29 views

Unrestricted Upload of File with any dangerous extension

Description Unrestricted Upload of File with any extension Proof of Concept 1. Create a ticket 2. Upload a file with any dangerous extension 3. Intercept the request in Burp Suite, replace the Content-Type with image/jpeg POC video:...

7.5 CVSS · 0.4 AI score · 0.02649 EPSS
Exploits 1
Cvelist
added 2014/03/26 10:0 a.m. · 23 views

CVE-2014-1827

The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to upload arbitrary files by placing a %00 sequence after a dangerous extension, as demonstrated by a .html%00.txt file...

6.5 AI score · 0.01007 EPSS
Exploits 3 · References 1
Prion
added 2011/05/23 10:55 p.m. · 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...

4.3 CVSS · 5.7 AI score · 0.02591 EPSS
Exploits 2 · References 8 · Affected Software 1
Cvelist
added 2011/05/23 10:0 p.m. · 29 views

CVE-2011-1765

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...

5.4 AI score · 0.02098 EPSS
Exploits 1 · References 8
Debian CVE
added 2011/05/23 10:0 p.m. · 36 views

CVE-2011-1765

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...

4.3 CVSS · 5.5 AI score · 0.02098 EPSS
Exploits 1
Positive Technologies
added 2011/05/23 12:0 a.m. · 4 views

PT-2011-3356 · Mediawiki · Mediawiki

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...

4.3 CVSS · 5.3 AI score · 0.02591 EPSS
Exploits 2 · References 10
Prion
added 2011/04/27 12:55 a.m. · 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with...

4.3 CVSS · 5.8 AI score · 0.02591 EPSS
Exploits 1 · References 16 · Affected Software 1
UbuntuCve
added 2011/04/27 12:55 a.m. · 25 views

CVE-2011-1578

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with...

4.3 CVSS · 5.8 AI score · 0.02591 EPSS
Exploits 1 · References 1
Prion
added 2011/04/27 12:55 a.m. · 21 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string,...

4.3 CVSS · 5.7 AI score · 0.02591 EPSS
Exploits 1 · References 4 · Affected Software 1
UbuntuCve
added 2011/04/27 12:55 a.m. · 28 views

CVE-2011-1587

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string,...

4.3 CVSS · 5.8 AI score · 0.01711 EPSS
Exploits 0 · References 1
Cvelist
added 2011/04/27 12:0 a.m. · 30 views

CVE-2011-1578

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with...

5.4 AI score · 0.02591 EPSS
Exploits 1 · References 16
CVE
added 2011/04/27 12:0 a.m. · 64 views

CVE-2011-1587

MediaWiki vulnerable component: web application logic handling file uploads and URI parsing. CVE-2011-1587 is a cross-site scripting (XSS) flaw affecting MediaWiki prior to 1.16.4, triggered when Internet Explorer 6 or earlier is used and a file with a dangerous extension (e.g., .html) is accesse...

4.3 CVSS · 5.6 AI score · 0.01711 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2007/06/20 7:0 p.m. · 26 views

CVE-2007-3285

Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file...

9.3 AI score · 0.01751 EPSS
Exploits 3 · References 22