
4 matches found

RedhatCVE
added 2026/06/06 6:43 p.m., 11 views

CVE-2026-46392

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

CVSS 8.7 | AI score 5.5 | EPSS 0.00223
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/05 6:20 p.m., 7 views

CVE-2026-46392 HAX CMS PHP Has a Stored XSS via Case-Sensitivity Mismatch in HTML Upload Validation

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

CVSS 8.7 | AI score 5.5 | EPSS 0.00223
Exploits: 0 | References: 1
seebug.org
added 2009/05/31 12:0 a.m., 21 views

Mozilla Firefox 3.0.10 (KEYGEN) Remote Denial of Service Exploit

No description provided by source. === Original message text === From the very-low-hanging-fruit-department. Firefox Denial of Service KEYGEN. Release mode: Forced release. Ref: TZO-27-2009 - Firefox Denial of Service KEYGEN. WWW :...

AI score 7.1
Exploits: 0
Prion
added 2007/10/30 11:46 p.m., 10 views

Unrestricted file upload

Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 Beta allows remote attackers to upload arbitrary files via unspecified vectors. NOTE: these files are stored with .html extensions, so the scope of the attack might be limited to resource consumption and possibly XSS...

CVSS 6.4 | AI score 7.2 | EPSS 0.01322
Exploits: 0 | References: 3 | Affected Software: 1