11 matches found
EUVD-2025-16882
Malicious code in bioql PyPI...
EUVD-2025-6260
Malicious code in bioql PyPI...
CVE-2025-21609
SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...
CVE-2020-5296
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission...
20,000 WordPress Sites Affected by Arbitrary File Upload and Deletion Vulnerabilities in WP Ultimate CSV Importer WordPress Plugin
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary files. To delete the license.txt at the root of the blog: await...
Telesquare TLR-2855KS6 - Arbitrary File Deletion
Exploit Title: Telesquare TLR-2855KS6 - Arbitrary File Deletion Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.telesquare.co.kr/ Version: TLR-2855KS6 Tested on: Linux Firefox CVE : CVE-2021-46419 Proof of Concept DELETE /cgi-bin/test.cgi HTTP/1.1 Host:...
Logic Flaw Vulnerability in SongCMS
SongCMS is a PHP MySQL, ASP Access/SQL Server based development, enterprise-oriented, multi-language support, free, open source CMS to help business users to quickly build and deploy enterprise-level portals. A logic flaw vulnerability exists in SongCMS. An attacker can exploit this vulnerability...
UsualToolCMS suffers from an arbitrary file deletion vulnerability (CNVD-2021-03498)
UsualToolCMS UTCMS is a content management system and rapid site building framework. UsualToolCMS suffers from an arbitrary file deletion vulnerability. An attacker can exploit the vulnerability to delete arbitrary files...
U-mail: SQL injection + arbitrary file deletion
Brief description: U-mail SQL injection + arbitrary file deletion. Detailed description: oletterpaper.php 1. SQL injection: if ACTION == "letterpaper-set" $url = makelink "option", "view", "letterpaper" ; $lpid = gss $POST'id' ; .... if $lpid $lpinfo = $Widget-getoneletterpaper "id=".$lpid, "", 0 ; Nothing much to analyze, going straight to the exp...
Silentum Uploader 1.4.0 Remote File Deletion Exploit
No description provided by source. Vendor: http://hypersilence.net Versions: Silentum Uploader 1.4.0 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/advisories.php?id=2 ---- Due to insufficient validation of client-side data, we...