15 matches found
GHSA-C4QG-J8JG-42Q5 OpenClaw: QQBot direct media upload skipped URL SSRF validation
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The QQBot direct-upload media path could forward attacker-controlled image URLs without applying the SSRF validation used by the local download path. This could make configured...
CVE-2026-33173
A flaw was found in Rails Active Storage. A remote attacker, acting as a direct-upload client, can exploit this vulnerability by manipulating metadata during file uploads. By setting internal flags, the attacker can bypass the system's automatic MIME Multipurpose Internet Mail Extensions type...
GHSA-QCFX-2MFW-W4CG Rails Active Storage has possible content type bypass via metadata in direct uploads
Impact Active Storage's DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the same metadata hash, a malicious direct-upload client could set these flags. Releases The fixed releases are...
Exploit for Improper Access Control in Webmin
Webmin-CVE-2022-0824-Enhanced-Exploit !IMPORTANT Enhan...
GHSA-9W99-78RJ-HMXQ Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...
GHSA-M42X-37P3-FV5W Circumvention of file size limits in ActiveStorage
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct...
Circumvention of file size limits in ActiveStorage
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct...
Ruby on Rails: ActiveStorage direct upload fails to sign content-length header for S3 service
When a user makes a direct upload using ActiveStorage, the browser makes a request to the DirectUploadsController containing the directupload parameters filename, contenttype, bytesize, and checksum. These are used to generate a presigned url that is then passed back to the browser, allowing the...
phpcms latest vulnerability that! Background direct upload SHELL vulnerability to upload arbitrary files-the vulnerability warning-the black bar safety net
Author: y0u By law the guest Forum Today doing PHPCMS enterprise's basic template, stumbled upon the PHPCMS a direct upload arbitrary file vulnerability. Click on the module business template Management Add corporate template. Then add a ZIP compression package. ZIP archive inside a PHP Trojan,...
phpcms latest vulnerability that! Background direct upload SHELL vulnerability-vulnerability warning-the black bar safety net
Today doing PHPCMS enterprise's basic template, stumbled upon the PHPCMS a direct upload arbitrary file vulnerability. Click on the module business template Management Add corporate template. Then add a ZIP compression package. ZIP archive inside a PHP Trojan, back we all understand. Decompressio...
The hospital was built Station system arbitrary file upload vulnerability-vulnerability warning-the black bar safety net
| Vulnerability file: upfile. aspx I first posted 9 8 line to 1 3 0 lines of code out ,look a bit funny! Google for: inurl:cms/Column. aspx? that inurl:cms/Column. aspx? LMID= too much,your own to find more keywords! | 0 1 | ---|--- 0 2 | function chkform ---|--- 0 3 | ---|--- 0 4 | ---|--- 0 5 |...
QuiXplorer 2.3 - Bugtraq Arbitrary File Upload
Exploit Title: QuiXplorer 2.3 = Bugtraq File Upload Vulnerability Google Dork: "QuiXplorer 2.3 - the QuiX project" Date: 13/11/2011 Author: PCA & krhrkrhr and Software Link: http://quixplorer.sourceforge.net/ Version: QuiXplorer 2.3 Tested on: linux ,windows CVE :...
aspcms Station system injection 0day-vulnerability warning-the black bar safety net
aspcms development of the new core open source enterprise built Station system, capable of enterprise a variety of site requirements, and Support template customization, support, extensions, etc., can be completed in a short time the enterprise built Station. Vulnerability file:/plug/productbuy...
Taobao Dr mutual brush platform Alliance upload vulnerability-vulnerability warning-the black bar safety net
In fact, this vulnerability is a dynamic Shopping Mall that upload issue. if session“useridname””" or session“AdminName””" then this is uploadflash. the asp file to access the authentication, you'll need to register a user can upload. With a bright kid direct upload. Find a keyword, but you can...
From the background to give the webshell tips great summary-vulnerability warning-the black bar safety net
Foreword Moving webonexploit, I believe we scored a lot of chickens. Can say ismoving weblet upfile. asp Upload file filter is not strict. vulnerabilitysho ran the world, Now thisvulnerabilityhas been substantially more difficult to meet, do not rule out some small sites still exist for...