13 matches found
EUVD-2020-5695
Malware in sbrugna...
EUVD-2020-23038
Malware in sbrugna...
CVE-2020-35362
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter the attacker must provide the correct fileOrgName value...
CVE-2020-13442
A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/...
CVE-2020-35362
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter the attacker must provide the correct fileOrgName value...
CVE-2020-35362
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter the attacker must provide the correct fileOrgName value...
Directory traversal
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter the attacker must provide the correct fileOrgName value...
CVE-2020-35362
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter the attacker must provide the correct fileOrgName value...
CVE-2020-35362
CVE-2020-35362 affects DEXT5Upload 2.7.1262310 and earlier. The issue is Directory Traversal in handler/dext5handler.jsp, allowing remote files to be downloaded via a dext5CMD=downloadRequest action when traversal is used in the fileVirtualPath parameter and the attacker provides the correct file...
Raonwiz DEXT5 Path Traversal Vulnerability
Raonwiz DEXT5 is a set of HTML5-based file transfer solution from Raonwiz Korea. The product supports encrypted file transfer, form building, etc. DEXT5Upload is one of the file upload components. A path traversal vulnerability exists in DEXT5Upload version 2.7.1262310 and earlier versions, which...
CVE-2020-13442
A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/...
Remote code execution
A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/...
CVE-2020-13442
This entry describes a Remote Code Execution vulnerability in Raonwiz DEXT5Upload (DEXT5) up to version 2.7.1402870. The issue arises because an attacker can upload a PHP file via the dext5handler.jsp handler, with the uploaded file stored under the dext5uploadeddata/ directory, enabling code exe...