34 matches found
CVE-2019-11401
A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted...
CVE-2023-53980
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...
CVE-2023-53980
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...
CVE-2023-53980 ProjectSend r1605 Remote Code Execution via File Extension Manipulation
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...
CVE-2023-53980 ProjectSend r1605 Remote Code Execution via File Extension Manipulation
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...
CVE-2023-53980
ProjectSend r1605 is affected by a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions via the upload.process.php endpoint, enabling execution of arbitrary commands on the server. The issue, described across multiple sources, stems f...
ProjectSend 代码问题漏洞
ProjectSend cFTP is the ProjectSend open source suite of self-hosted applications based on PHP and MySQL. A code issue vulnerability exists in ProjectSend version r1605, which stems from a vulnerability that allows an attacker to upload malicious files by manipulating file extensions...
EUVD-2008-5504
Malware in sbrugna...
EUVD-2017-5902
Malware in sbrugna...
EUVD-2008-5521
Malware in sbrugna...
EUVD-2006-1395
Malware in sbrugna...
EUVD-2008-5509
Malware in sbrugna...
EUVD-2002-0296
Malware in sbrugna...
EUVD-2008-5514
Malware in sbrugna...
EUVD-2008-5518
Malware in sbrugna...
EUVD-2010-5055
Malware in sbrugna...
CVE-2023-40183
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the ImageIO.read method to determine whether the file is an image file or not. There is no whitelisting...
Updated thunderbird, thunderbird-l10n packages fix security vulnerabilities
CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC...
CVE-2024-12006 W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and...
Oracle Linux 9 : skopeo (ELSA-2024-1149)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1149 advisory. 2:1.13.3-4 - Rebuild with golang 1.20.12: golang:net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 Tenable has...