31 matches found
EUVD-2025-35333
A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...
CVE-2025-41720 Sauter: Arbitrary File Upload
A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...
EUVD-2007-4010
Malware in sbrugna...
EUVD-2005-2438
Malware in sbrugna...
EUVD-2022-3157
Malicious code in bioql PyPI...
EUVD-2024-32280
Malicious code in bioql PyPI...
New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
A new study of integrated development environments IDEs like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. "We...
CVE-2023-0350
Akuvox E11 does not ensure that a file extension is associated with the file provided. This could allow an attacker to upload a file to the device by changing the extension of a malicious file to an accepted file type...
GHSA-G872-JWWR-VGGM Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...
CVE-2024-38529 Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The...
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...
PT-2024-5487 · Admidio · Admidio
Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 4.3.10 Description: A Remote Code Execution issue exists in the Message module of the Admidio Application. This is due to the lack of file extension verification, allowing malicious files to be uploaded to the server...
PT-2024-27265 · Opengnsys · Opengnsys
Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to send a POST request to the endpoint '/opengnsys/images/M Icons.php' and modify the file extension due to a lack of file extension verification. This results in a...
Cross site scripting
Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This...
CVE-2021-43855 Stored XSS via SVG in Requarks/wiki
Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This...
CVE-2021-36581
Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server...
Unrestricted file upload
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/loadmodule:usersedit-user=1 does not verify that the file extension used with the Add Image option on the Edit User screen corresponds to an image file...
chromium-browser: extension message verification error
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension...
Security update for chromium (important)
This update to Chromium 59.0.3071.86 fixes the following security issues: - CVE-2017-5070: Type confusion in V8 - CVE-2017-5071: Out of bounds read in V8 - CVE-2017-5072: Address spoofing in Omnibox - CVE-2017-5073: Use after free in print preview - CVE-2017-5074: Use after free in Apps Bluetooth...