60 matches found
CVE-2019-12809
Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution...
The vulnerability of the web application for managing phpMyAdmin databases lies in the authentication procedures’ deficiencies, which allow attackers to view and execute files on the server.
The vulnerability in the web application for managing phpMyAdmin databases is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to remotely access and manipulate files on the server...
Western Digital MyCloud Unauthenticated File Upload
The remote WD MyCloud device is affected by a file upload vulnerability that allows a remote attacker to upload and execute files. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid105732; scriptversion"1.6"; scriptsetattributeattribute:"pluginmodificationdate",...
CVE-2015-0781
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management ZCM allows remote attackers to upload and execute arbitrary files via unspecified vectors...
Yeager Arbitrary File Upload Vulnerability
Yeager is an open source content management system . Yeager has a security vulnerability that allows remote attackers to exploit the vulnerability to submit a special request to upload arbitrary files and execute...
Suspicious Image File Remote Code Execution Attempt
Certain malicious executable files can be hidden using image file name extensions. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...
CVE-2015-4026
The pcntlexec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument...
CVE-2012-4959
CVE-2012-4959 affects Novell File Reporter NFRAgent.exe (1.0.2) via directory traversal in FSF/CMD handling of FSFUI records (UICMD 130), enabling remote upload and execution of arbitrary files. Connected data corroborates exploitation in Metasploit modules for NFR Agent 1.0.3/1.0.4.x and public ...
CuteFlow v2.11.2 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
EUR Form Client Arbitrary File Execution Vulnerability
Overview EUR Form Client has an arbitrary file execution vulnerability. Impact A remote attacker could execute arbitrary file on the affected system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Directory traversal
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to 1 getjs.php and 2 getcsslocal.php; and include and execute arbitrary local files via the 3 group parameter to...
CVE-2007-1129
Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via 1 an avatar upload in an adddown action, or 2 an addlink action...
CVE-2007-1129
Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via 1 an avatar upload in an adddown action, or 2 an addlink action...
CVE-2007-1129
CVE-2007-1129 affects MTCMS 3.2, with multiple unrestricted file upload vulnerabilities that allow remote attackers to upload and execute files via (1) avatar upload in an add_down action or (2) an add_link action. The root cause/precise vulnerable component is not detailed beyond the two upload ...
CVE-2005-3287
Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache director...
CVE-2005-3287
CVE-2005-3287 concerns an incomplete blacklist vulnerability in Mailsite Express that allows remote upload of files via attachments with executable extensions (e.g., ASPX) which are not converted to .TXT and can be directly requested from the cache directory. The sources indicate the issue but do...
PT-2005-4099 · Ftgate · Mailsite Express
Name of the Vulnerable Software and Affected Versions: Mailsite Express affected versions not specified Description: The issue allows remote attackers to upload and execute files with executable extensions, such as ASP, by utilizing the compose page feature. Attackers can attach the file and then...
CVE-2005-0332
Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to 1 upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or 2 delete arbitrary files via the selectfile...
CVE-2004-1426
CVE-2004-1426 affects KorWeblog 1.6.2-cvs and earlier. This directory traversal vulnerability in index.php (lng parameter) allows remote reading of arbitrary files and potential PHP file execution via ".." sequences. The provided documents confirm the affected software and payload, but do not inc...
CVE-2000-0072
Visual Casel Vcasel does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges...