Lucene search
K

18 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-4010

Malware in sbrugna...

6.8CVSS6.4AI score0.01165EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2005-2438

Malware in sbrugna...

5CVSS6.4AI score0.01351EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3157

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00455EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-32280

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00765EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:55 a.m.6 views

CVE-2023-0350

Akuvox E11 does not ensure that a file extension is associated with the file provided. This could allow an attacker to upload a file to the device by changing the extension of a malicious file to an accepted file type...

6.5CVSS6.5AI score0.00258EPSS
Exploits0References1
OSV
OSV
added 2024/07/29 4:32 p.m.16 views

GHSA-G872-JWWR-VGGM Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...

9.3CVSS9.4AI score0.01245EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/07/29 4:32 p.m.20 views

Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...

9CVSS8.4AI score0.01245EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/07/29 2:29 p.m.21 views

CVE-2024-38529 Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The...

9CVSS7AI score0.01245EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
added 2024/07/29 12:0 a.m.21 views

Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...

9CVSS8.4AI score0.01245EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/26 12:0 a.m.5 views

PT-2024-5487 · Admidio · Admidio

Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 4.3.10 Description: A Remote Code Execution issue exists in the Message module of the Admidio Application. This is due to the lack of file extension verification, allowing malicious files to be uploaded to the server...

9.3CVSS8.7AI score0.01245EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.6 views

PT-2024-27265 · Opengnsys · Opengnsys

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to send a POST request to the endpoint '/opengnsys/images/M Icons.php' and modify the file extension due to a lack of file extension verification. This results in a...

8.8CVSS7.3AI score0.00765EPSS
Exploits0References5
Prion
Prion
added 2021/12/27 6:15 p.m.12 views

Cross site scripting

Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This...

3.5CVSS5.3AI score0.00887EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/12/27 6:5 p.m.24 views

CVE-2021-43855 Stored XSS via SVG in Requarks/wiki

Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This...

8.2CVSS7.9AI score0.00887EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/09/14 11:40 a.m.28 views

CVE-2021-36581

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server...

9.7AI score0.01543EPSS
Exploits0References1
Prion
Prion
added 2020/05/20 7:15 p.m.20 views

Unrestricted file upload

Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/loadmodule:usersedit-user=1 does not verify that the file extension used with the Add Image option on the Edit User screen corresponds to an image file...

7.2CVSS7.5AI score0.00455EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2007/07/26 7:30 p.m.23 views

Design/Logic Flaw

epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information...

6.8CVSS8.2AI score0.01165EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2007/07/26 7:30 p.m.18 views

CVE-2007-4026

epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information...

6.8CVSS7.7AI score0.01165EPSS
Exploits0References4
CVE
CVE
added 2007/07/26 7:0 p.m.47 views

CVE-2007-4026

CVE-2007-4026 affects the Epesi framework prior to 0.8.6. The issue: improper verification of file extensions during the gallery images upload feature, enabling remote attackers to upload and execute arbitrary PHP code via unspecified vectors. Documents do not provide explicit exploit steps or af...

6.8CVSS7.7AI score0.01165EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder