18 matches found
SonicWall SMA100 10.2.2.2-92sv With Additional File Checking
SonicWall SMA 100 10.2.2.2-92sv build has been released with additional file checking, providing the capability to remove known rootkit malware present on the SMA devices. While this is a valuable security step and a necessary measure to protect our customers, it’s equally important to clarify th...
CVE-2025-48471 FreeScout Vulnerable to Arbitrary File Upload
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to remote code executi...
FAQ for XenMobile 10 Migration Tool
This article provides information on frequently asked questions and answers for XenMobile 10 MDM migration tool. Contents Q: What XenMobile editions are supported with the migration tool? Q: What versions of XenMobile are supported with the migration tool? Q: Where is the XenMobile 10 migration...
Wordpress Travelscape v1.0.3 Theme - Arbitrary File Upload Exploit
Exploit Title: Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import sys import os.path import requests import re import urllib3 from requests.exceptions import SSLError from multiprocessing.dummy impor...
Remote Code Execution (RCE)
broccoli-compass is vulnerable to Remote Code Execution (RCE). Lack of proper checking of attacker-controlled filenames, which are included in the list of files passed to the library via its files option, allows an attacker to execute malicious code on the system...
AeroCMS 0.0.1 Shell Upload
AeroCMS-Unrestricted-File-Upload-POC Author: D4rkP0w4r Description = Upload web shell at Post Image in admin panel Steps to Reproduce Login to admin panel - Posts - Add Posts - Post Image - upload malicious file shell.php - access /images/shell.php on url - shell.php page Exploit When upload succe...
Code injection
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified...
CVE-2020-0606
A vulnerability related to checking the source markup of a file has been reported in .NET software. A remote attacker can exploit this vulnerability to execute arbitrary code by tricking a user into opening a specially crafted file...
CVE-2019-11767
Server-side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...
CVE-2019-0105
Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access...
[Http-enum] Automated HTTP Enumeration Tool
Null Security Team is writing a Python script for automated HTTP enumeration. It is currently only in the initial beta stage, but includes basic checking of files including the Apache server-status as well as IIS WebDAV and Microsoft FrontPage Extensions; many more features will be added to this tool...
Chevereto nb1.91 Denial Of Service
Exploit for windows platform in category dos / poc ======================================================================================== Vulnerable Software: cheveretonb1.91 Downloaded from: http://code.google.com/p/chevereto/downloads/list...
OpenX 2.6.3 Local File Inclusion
I have found a local file inclusion exploit in OpenX 2.6.3, this is in the script "fc.php", located in /www/delivery/ Here is a snip of the code: snip includeonce '../../init-delivery.php'; $MAXPLUGINSADPLUGINNAME = 'MAXtype'; if!isset$GET$MAXPLUGINSADPLUGINNAME echo $MAXPLUGINSADPLUGINNAME . ' i...
NOD32 antivirus buffer overflow
Buffer overflow on file checking with oversized path...
Norton Antivirus protection bypass
Files with special characters in path are not checked...
File existence checking in Microsoft Internet Explorer
It's possible to check file existence with the dynsrc property or with a file:// URL in conjunction with JavaScript...
Hole in the Java virtual machine of the Lotus Notes client
A hole in the virtual machine allows checking for the presence of a file on the client machine...