3 matches found
PT-2026-29817
Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack's Rack::Multipart::Parser does not limit the size of multipart uploads when a Content-Length header is not present, such as with HTTP chunked transfer encoding. Specifically, wh...
CVE-2025-65844
EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The endpoint is accessible without authentication by default, and server-side validation of uploaded files is insufficient. This can be abused to upload arbitrary...
CVE-2004-0407
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service disk consumption by repeatedly uploading files and interrupting the uploads before they finish...