13 matches found
EUVD-1999-0851
Malware in sbrugna...
EUVD-2020-4566
Malware in sbrugna...
EUVD-2012-5537
Malware in sbrugna...
CVE-2015-10135 WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may...
CVE-2025-48953
Umbraco is an ASP.NET content management system CMS. Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere with the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and...
CVE-2022-22530
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being...
CVE-2021-21245
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data request.getInputStream to a user specified location request.getHeader"File-Name". This issue may lead to arbitrary file upload which can be used to upload a WebShell to...
CVE-2021-38753
An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app...
CVE-2024-40693
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing furth...
TYPO3 doesn't properly check file extensions
The 1 file upload component and 2 File Abstraction Layer FAL in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file...
CVE-2020-24408
CVE-2020-24408 affects Magento 2.4.0 and 2.3.5p1 (and earlier); it is a stored/persistent XSS in the file upload component that allows an unauthenticated attacker to have their injected JavaScript executed in other users’ contexts once a victim browses the uploaded file. The description in the co...
Adblock Blocker 0.0.1 - Arbitrary File Upload
The addblockblocker WordPress plugin was affected by an Arbitrary File Upload security vulnerability...
CVE-2004-0614
osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size...