41 matches found
CVE-2026-8801
Technical details about CVE-2026-8801 are not publicly available in the provided documents. Monitor for further updates from vendors and standard CVE sources.
CVE-2026-41934
Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...
CVE-2026-31424
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: restrict xtcheckmatch/xtchecktarget extensions for NFPROTOARP Weiming Shi says: xtmatch and xttarget structs registered with NFPROTOUNSPEC can be loaded by any protocol family through nftcompat. When such a...
Improper Input Validation
code.gitea.io/gitea is vulnerable to improper input validation. The vulnerability is due to insufficient validation of attachment file names in the attachment API, which allows an attacker to bypass file extension restrictions by modifying the attachment name...
CVE-2009-4444
Microsoft Internet Information Services IIS 5.x and 6.x uses only the portion of a filename before a ; semicolon character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a 1 .asp, 2...
EUVD-2009-3443
Malware in sbrugna...
Devolutions Server 安全漏洞
Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.13 and prior versions that stems from improper access control of the Web Extension...
Brave Desktop 1.69.153 Security Fixes
Implemented process hardening for the Brave VPN services on Windows. - Implemented a trusted source check for "Elevator::InstallVPNServices". - Updated code to use JSON serialization to escape all unsafe symbols in SpeedReader. - Limited extension features to allow listed extensions. Upgraded...
CVE-2024-29368
An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content...
CVE-2024-29368
An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content...
CVE-2024-29368
An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content...
Oracle Linux 6 / 7 : php54 (ELSA-2015-1066)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1066 advisory. - fix use after free CVE-2015-1351 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...
SUSE-SU-2023:1819-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 102.10.0 ESR bsc1210212 - CVE-2023-29531: Out-of-bound memory access in WebGL on macOS - CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass - CVE-2023-29533: Fullscreen notification obscured -...
Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Bypass of Filename Extension Restrictions Solution Status: Fix Released on public GitHub repository Manufacturer Notification: June 2021 Public...
CVE-2019-16318
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317...
CVE-2019-16318
Technical details for CVE-2019-16318 are not publicly available in the provided documents. Monitor Pimcore advisories and related sources for updates on affected versions, impact, and remediation.
CVE-2019-16318
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317...
PHP 5.6.x < 5.6.9 Multiple Vulnerabilities
According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities : - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\0'...
WordPress LearnDash 2.5.3 File Upload
Exploit Title: WordPress LearnDash 2.5.3 Unauthenticated Arbitrary File Upload Date: 07-01-2018 Vendor Homepage: https://www.learndash.com/ Vendor Changelog: https://www.learndash.com/changelog/ Version: 2.5.3 Exploit Author: NinTechNet Author Advisory: http://nin.link/learndash/ Category: Webapp...
LMCMS Backend Arbitrary File Upload Vulnerability
LMCMS Leming CMS system is a web content management system developed in Java language, developed by Beijing Leming Zhixin Technology Co., Ltd. and distributed under commercial license. LMCMS Leming CMS system's management background under the full media library section of the file management to...