Lucene search
K

5 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-7444

Malware in sbrugna...

6.1CVSS6.3AI score0.013EPSS
Exploits0References6
NVD
NVD
added 2018/09/02 10:29 p.m.23 views

CVE-2018-16358

A cross-site scripting XSS vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml...

5.4CVSS5AI score0.0068EPSS
Exploits0References1
OSV
OSV
added 2016/12/09 8:59 p.m.6 views

CVE-2016-6523

Multiple cross-site scripting XSS vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the 1 q or 2 linktype parameter to admin/media.php...

6.1CVSS6.1AI score
Exploits0References5
Cvelist
Cvelist
added 2014/06/11 2:0 p.m.48 views

CVE-2014-3782

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a 1 double extension or 2 .php5, 3 .phtml, or some other PHP file extension...

7.2AI score0.01206EPSS
Exploits2References6
NVD
NVD
added 2011/06/08 10:36 a.m.12 views

CVE-2011-1584

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the mediapath or mediafile parameter. NOTE: some of these details are...

6.5CVSS7.2AI score0.01691EPSS
Exploits1References9
Rows per page
Query Builder