CVE-2024-8699 Z-Downloads < 1.11.5 - Admin+ Arbitrary File Upload

The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2025-1182)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RuvarOA id Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /SysManage/sysblogtemplatenew.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...

Simple Photo Gallery Arbitrary File Upload Vulnerability

Simple Photo Gallery is a simple gallery web application. An arbitrary file upload vulnerability exists in Simple Photo Gallery v1.0, which stems from the application's lack of validation of uploaded files. The vulnerability can be exploited to remotely execute arbitrary code by uploading malicio...

CVE-2022-3416 WPtouch < 4.3.45 - Admin+ Arbitrary File Upload

The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

CVE-2022-42750

CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user...