15 matches found
CVE-2018-18890
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete= with an invalid filename...
EUVD-2008-1688
Malware in sbrugna...
EUVD-2012-3380
Malware in sbrugna...
EUVD-2014-8817
Malware in sbrugna...
EUVD-2021-0569
Malware in sbrugna...
EUVD-2004-2247
Malware in sbrugna...
EUVD-2019-4483
Malware in sbrugna...
EUVD-2024-35878
Malicious code in bioql PyPI...
EUVD-2022-30474
Malicious code in bioql PyPI...
CVE-2025-5966
CVE-2025-5966 affects Zohocorp ManageEngine Exchange Reporter Plus versions 5722 and earlier. The vulnerability is a Stored XSS in the Attachments by filename keyword report, enabling script execution when a crafted filename is processed by the report feature. The issue is confirmed across multip...
CVE-2025-48369
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting XSS vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an fil...
CVE-2025-48369 GroupOffice vulnerable to Stored XSS in Tasks Comment Section
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting XSS vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an fil...
CVE-2019-17320
NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename...
CVE-2024-12074
A Denial of Service DoS vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large...
CVE-2024-36079
An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with ...