6 matches found
CVE-2026-1532
CVE-2026-1532 affects D-Link DCS-700L v1.03.09. The vulnerability is in the Music File Upload Service, specifically the uploadmusic function in /setUploadMusic, where manipulating the UploadMusic argument can trigger path traversal. Exploitation appears feasible within a local network, and public...
EUVD-2026-4849
A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the loc...
EUVD-2025-3976
Malicious code in bioql PyPI...
CVE-2023-28158
Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user...
PT-2023-2336 · Apache · Apache Archiva
Name of the Vulnerable Software and Affected Versions: Apache Archiva affected versions not specified Description: The issue is related to privilege escalation via stored cross-site scripting XSS using the file upload service to upload malicious content. This can be exploited by authenticated use...
Rio Karma MP3 Player File Upload Service Detection
The remote device seems to be a Rio Karma MP3 player, running the Rio Kama file upload service. Make sure the use of such network devices are done in accordance with your corporate security policy. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...