14 matches found
EUVD-2016-8853
Malware in sbrugna...
EUVD-2017-7974
Malware in sbrugna...
EUVD-2022-3756
Malicious code in bioql PyPI...
EUVD-2022-3722
Malicious code in bioql PyPI...
CVE-2025-6435 Save as in Devtools could download files without sanitizing the extension
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...
CVE-2025-6435 Save as in Devtools could download files without sanitizing the extension
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...
PT-2023-23955 · Craft Cms · Craft Cms
Name of the Vulnerable Software and Affected Versions: Craft CMS versions prior to 4.4.6 Description: The issue is related to an unrestricted file extension that may lead to Remote Code Execution. In the View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal - resolveTemplate...
WordPress SP Project And Document Remote Code Execution Exploit
This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for lowercase file extensions such as .php,...
Unrestricted file upload
Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc"...
ONLYOFFICE Document Server File Extension Handling Vulnerability
ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. ONLYOFFICE Document Server suffers from a file extension handling vulnerability that can be exploited by an attacker requesting data to control file...
ONLYOFFICE Document Server File Extension Handling Vulnerability (CNVD-2021-17248)
ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. A file extension handling vulnerability exists in the ONLYOFFICE DocumentServer core module, which can be exploited by an attacker to remotely execute...
CVE-2020-35112
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...
CVE-2002-1745
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files...
CVE-2002-1776
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed th...