Amazon Linux 2023 : mod_security_crs (ALAS2023-2026-1562)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1562 advisory. Whitespace padding in filenames bypasses file upload extension checks NOTE: https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w CVE-2026-33691 Tenable has extracted the...

OWASP CRS 安全漏洞

OWASP CRS is a set of open-source attack detection rules developed by the CRS Project. Versions prior to OWASP CRS 3.3.9 and 4.25.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of standardization in file extension checks for spaces, which could lead to bypassing...

LDAP Account Manager 安全漏洞

LDAP Account Manager LAM is an open-source web frontend for managing entries stored in LDAP directories, such as users, groups, and DHCP settings. Prior to version 9.5 of LDAP Account Manager, there was a security vulnerability due to the PDF export component not properly verifying the file...

Horilla code issue vulnerabilities

Horilla is a free open-source human resources software developed by Horilla Company. Versions of Horilla prior to 1.5.0 contained code vulnerabilities. These vulnerabilities stemmed from the lack of checks for file extensions and content types when updating profile photos, which could lead to...

CVE-2026-21625

User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening...

EUVD-2017-6742

Malware in sbrugna...

Chamilo v1.11.24 Unrestricted File Upload PHP Webshell

Chamilo LMS is a free software e-learning and content management system. In versions prior to use exploit/linux/http/chamilobiguploadwebshell msf exploitchamilobiguploadwebshell show targets ...targets... msf exploitchamilobiguploadwebshell set TARGET msf exploitchamilobiguploadwebshell show...

PT-2024-15022 · FFmpeg +1 · Ffmpeg +1

Name of the Vulnerable Software and Affected Versions: FFmpeg affected versions not specified Description: A flaw was found in FFmpeg's HLS demuxer, allowing bypassing of unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file...

CVE-2022-24984

Forms generated by JQueryForm.com before 2022-02-05 if file-upload capability is enabled allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content...

GHSA-H352-G5VW-3926 Improper Input Validation in fruity

Methods of NSString for conversion to a string may return a partial result. Since they call CStr::fromptr on a pointer to the string buffer, the string is terminated at the first null byte, which might not be the end of the string. In addition to the vulnerable functions listed for this issue, th...

Converting `NSString` to a String Truncates at Null Bytes

Methods of NSString for conversion to a string may return a partial result. Since they call CStr::fromptr on a pointer to the string buffer, the string is terminated at the first null byte, which might not be the end of the string. In addition to the vulnerable functions listed for this issue, th...

SAP Process Integration 代码问题漏洞

SAP Process Integration is middleware from SAP Germany that enables SAP to seamlessly integrate with non-SAP applications in the company or with systems outside the company. A vulnerability exists in the Integration Builder Framework for SAP Process Integration versions 7.10, 7.11, 7.20, 7.30,...

OPENSUSE-SU-2020:0220-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Nextcloud was updated to 15.0.14: - NC-SA-2020-002, CVE-2019-15613: workflow rules to depend their behaviour on the file extension when checking file mimetypes boo1162766 - NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caused...

CVE-2005-2885

The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as...

CVE-2005-1956

File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '' six tildes, which bypasses the file extension checks...