9 matches found
EUVD-2012-3411
Malware in sbrugna...
PT-2025-27094 · Unknown · Serped.Net
Name of the Vulnerable Software and Affected Versions: SERPed.net versions n/a through 4.6 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This is a...
CVE-2024-52515
Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview the other file instead. It is recommended...
CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server...
CVE-2020-6870
The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network...
PT-2024-9995 · Drupal +1 · Drupal Core +1
Name of the Vulnerable Software and Affected Versions: Drupal Core versions 10.0.0 through 10.2.9 Description: A vulnerability in Drupal Core allows file manipulation. This issue is related to weaknesses in handling error situations, which could allow a remote attacker to impact the integrity of...
PT-2022-4598 · Huawei · Huawei Headset
Name of the Vulnerable Software and Affected Versions: Huawei headset products affected versions not specified Description: The issue concerns an out-of-bounds read and write vulnerability. An attacker, with physical access to the device, can craft a malformed message with a specific parameter an...
Debian DSA-518-1 : kdelibs - unsanitised input
iDEFENSE identified a vulnerability in the Opera web browser that could be used by remote attackers to create or truncate arbitrary files on the victims machine. The KDE team discovered that a similar vulnerability exists in KDE. A remote attacker could entice a user to open a carefully crafted...
bug
Hi, I'm reposting a bug I've found some time before. Thanks WebStore from www.cgicentral.net is a shopping cart allowing users to buy things on-line. One of the scripts in the package, wsmail.cgi unsafely passes user-submitted data to 'system' command: if $in'terminate' eval system"kill $in'kill'...