51 matches found
CVE-2025-65473
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...
EUVD-2014-0834
Malware in sbrugna...
EUVD-2002-1935
Malware in sbrugna...
Malicious code in test-mlw2-filer-zoism (npm)
The package test-mlw2-filer-zoism was found to contain malicious code...
MAL-2025-35338 Malicious code in test-mlw2-filer-zoism (npm)
The package test-mlw2-filer-zoism was found to contain malicious code...
CVE-2024-11404
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3.3...
CVE-2002-1956
ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, which allows local users to write to arbitrary files...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the abstractsqlstore.go component. An attacker can manipulate SQL queries and access or alter database information without proper authorization by injecting malicious SQL statements. Remediation Upgrade...
Arbitrary File Upload
djangofiler is vulnerable to Arbitrary file upload. The vulnerability is due to improper input validation and the lack of neutralization of script-related HTML tags in django Filer, allows attackers to upload files with dangerous types and manipulate input data, leading to stored XSS...
danceschool-dancervax (>=0.1.1 <=0.1.5), django-danceschool (>=0.9.1 <=0.9.3) +5 more potentially affected by CVE-2024-11404 via django-filer (=3.0.3)
django-filer PYPI version =3.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on django-filer and may be impacted: - danceschool-dancervax =0.1.1, =0.9.1, =0.2.0.0, =1.16.0, =2.7.1 Source cves: CVE-2024-11404 Source advisory:...
Arbitrary File Upload
Overview django-filer is an A file management application for django that makes handling of files and images a breeze. Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload mechanism allowing, by default, the upload of binary or unknown file types...
GHSA-J4V3-WWWX-5GQV Django Filer Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3....
aldryn-events (>=1.1.1 <=2.0.0), aldryn-forms (>=3.0.4 <=3.0.5) +38 more potentially affected by CVE-2024-11404 via django-filer (>=0.9.9 <=3.0.3)
django-filer PYPI version =0.9.9, =1.1.1, =3.0.4, =1.1.1, =0.2.0, =0.1.1, =0.1.1, =1.4.3, =0.1.0, =0.6.2, =0.0.1, =0.1.0, =0.3.1 - django-imagedeck =0.3.3 and more Source cves: CVE-2024-11404 Source advisory: OSV:GHSA-J4V3-WWWX-5GQV...
CVE-2024-11404
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3.3...
CVE-2024-11404
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3.3...
CVE-2024-11404
CVE-2024-11404 : Affected software is Django Filer (used with Django CMS). The vulnerability is an Unrestricted Upload of File with Dangerous Type and Stored XSS caused by input data manipulation and improper neutralization of script-related HTML tags. Impact is stored XSS with potential data han...
CVE-2024-11404 File Upload Bypass in django Filer
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3.3...
CVE-2024-11404 File Upload Bypass in django Filer
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3.3...
Django Filer 代码问题漏洞
Django Filer is an open source file management application for Django from the Django CMS Association. A code issue vulnerability exists in Django Filer version 3 up to and including version 3.3, which stems from allowing unlimited uploads of dangerous types of files, improper input validation, a...
PT-2024-16962
Name of the Vulnerable Software and Affected Versions django Filer versions 3.0 through 3.2 Description The issue is related to an Unrestricted Upload of File with Dangerous Type, Improper Input Validation, and Improper Neutralization of Script-Related HTML Tags in a Web Page, which can lead to...