8 matches found
CVE-2026-54414
FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...
EUVD-2026-37993
FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...
PT-2026-50842
Name of the Vulnerable Software and Affected Versions FileRise versions prior to 3.16.0 Description A path traversal issue exists in the shared-folder upload endpoint '/api/folder/uploadToSharedFolder.php'. The FolderController validates the upload filename using basename and REGEX FILE NAME, but...
PT-2026-45036
Summary An authenticated Admidio member with upload rights on any one folder can permanently delete files from folders where they have only view access. The authorization check at the top of modules/documents-files.php evaluates upload rights against the attacker-supplied folder uuid URL paramete...
CVE-2024-27115
A unauthenticated Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution...
CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE
pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication...
Description of the Office 2010 update: September 13, 2011
Description of the Office 2010 update: September 13, 2011 INTRODUCTION Microsoft has released an update for Microsoft Office 2010. This update provides the latest fixes for the 32-bit and the 64-bit editions of Office 2010. Additionally, this update contains stability and performance improvements...
EAFlashUpload Remote File Upload Vulnerability
Exploit for php platform in category web applications -------------------------------------------------------------------+ Exploit Title : EAFlashUpload Remote File Upload Date : 27-5-2012 Author : Dr.SiLnT HilL Version : 2.6 Dork : inurl:"EAFlashUpload" Download :...