Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:12 a.m.7 views

CVE-2019-11401

A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted...

7.2CVSS7.9AI score0.02872EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/22 9:35 p.m.5 views

CVE-2023-53980 ProjectSend r1605 Remote Code Execution via File Extension Manipulation

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...

9.8CVSS8.5AI score0.00813EPSS
Exploits1References3
CVE
CVE
added 2025/12/22 9:35 p.m.12 views

CVE-2023-53980

ProjectSend r1605 is affected by a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions via the upload.process.php endpoint, enabling execution of arbitrary commands on the server. The issue, described across multiple sources, stems f...

9.8CVSS8.5AI score0.00813EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/22 9:35 p.m.38 views

CVE-2023-53980 ProjectSend r1605 Remote Code Execution via File Extension Manipulation

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...

9.8CVSS0.00813EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-5504

Malware in sbrugna...

9.3CVSS6.4AI score0.02746EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2008-5509

Malware in sbrugna...

9.3CVSS6.4AI score0.03468EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2002-0296

Malware in sbrugna...

7.6CVSS6.4AI score0.02247EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-5902

Malware in sbrugna...

8.8CVSS8.8AI score0.01047EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-5514

Malware in sbrugna...

9.3CVSS6.4AI score0.10259EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2008-5521

Malware in sbrugna...

9.3CVSS6.4AI score0.01905EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-5518

Malware in sbrugna...

9.3CVSS6.4AI score0.02951EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2010-5055

Malware in sbrugna...

6CVSS6.4AI score0.01371EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/05/23 3:32 a.m.10 views

CVE-2023-40183

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the ImageIO.read method to determine whether the file is an image file or not. There is no whitelisting...

7.5CVSS6.8AI score0.00636EPSS
Exploits1References1
Prion
Prion
added 2024/02/29 1:44 a.m.23 views

Unrestricted file upload

F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension...

7.2AI score0.12825EPSS
Exploits5References1
0day.today
0day.today
added 2023/04/05 12:0 a.m.221 views

projectSend r1605 - Remote Code Exectution Vulnerability

Exploit Title: projectSend r1605 - Remote Code Exectution RCE Application: projectSend Version: r1605 Bugs: rce via file extension manipulation Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 26-01-2023 Author: Mirabbas Ağalarov...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/05 12:0 a.m.224 views

projectSend r1605 Remote Code Execution

Exploit Title: projectSend r1605 - Remote Code Exectution RCE Application: projectSend Version: r1605 Bugs: rce via file extension manipulation Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 26-01-2023 Author: Mirabbas Ağalarov...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.195 views

projectSend r1605 - Remote Code Exectution RCE

Exploit Title: projectSend r1605 - Remote Code Exectution RCE Application: projectSend Version: r1605 Bugs: rce via file extension manipulation Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 26-01-2023 Author: Mirabbas Ağalarov...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2022/12/29 12:0 a.m.23 views

Mozilla Thunderbird Security Advisories (MFSA2022-54, MFSA2022-54) - Mac OS X

Thunderbird is prone to a file extension manipulation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS8.7AI score0.00884EPSS
Exploits0References1
Huntr
Huntr
added 2022/08/06 3:5 p.m.48 views

Full Read Server-Side Request Forgery (SSRF)

Description Via the /api/upload/upload-by-url endpoint is possible to upload an image via an URL provided by the user. The function that handles this upload, doesn't verify or validate the provided URL, allowing to fetch internal services. \ \ Furthermore, after the resource is fetched, there is ...

4CVSS0.6AI score0.02298EPSS
Exploits1
NVD
NVD
added 2019/04/22 11:29 a.m.23 views

CVE-2019-11401

A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted...

7.2CVSS7.4AI score0.02872EPSS
Exploits1References1
Rows per page
Query Builder