5 matches found
EUVD-2016-7444
Malware in sbrugna...
CVE-2018-16358
A cross-site scripting XSS vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml...
CVE-2016-6523
Multiple cross-site scripting XSS vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the 1 q or 2 linktype parameter to admin/media.php...
CVE-2014-3782
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a 1 double extension or 2 .php5, 3 .phtml, or some other PHP file extension...
CVE-2011-1584
The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the mediapath or mediafile parameter. NOTE: some of these details are...