11 matches found
CVE-2020-27304
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled...
PHP 7.4.x < 7.4.6 Denial of Service Vulnerability
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.31, 7.3.x prior to 7.3.18 or 7.4.x prior to 7.4.6. It is, therefore, affected by a denial of service (DoS) vulnerability in its HTTP file upload component due to a failure to cle...
PHP 7.3.x < 7.3.18 Denial of Service Vulnerability
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.31, 7.3.x prior to 7.3.18 or 7.4.x prior to 7.4.6. It is, therefore, affected by a denial of service (DoS) vulnerability in its HTTP file upload component due to a failure to cle...
PHP 7.2.x < 7.2.31 / 7.3.x < 7.3.18, 7.4.x < 7.4.6 Denial of Service (DoS)
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.31, 7.3.x prior to 7.3.18 or 7.4.x prior to 7.4.6. It is, therefore, affected by a denial of service (DoS) vulnerability in its HTTP file upload component due to a failure to cle...
EMC CMCNE 11.2.1 - FileUploadController Remote Code Execution (Metasploit)
require 'msf/core' class MetasploitModule 'EMC CMCNE FileUploadController Remote Code Execution', 'Description' = %q This module exploits a fileupload vulnerability found in EMC Connectrix Manager Converged Network Edition MSFLICENSE, 'Author' = 'james fitts' , 'References' = 'ZDI', '13-279' ,...
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload Exploit
This module exploits an arbitrary file upload vulnerability in ManageEngine DesktopCentral v7 to v9 build 90054 including the MSP versions. A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution as SYSTEM. Some early builds of version ...
Silentum Uploader 1.4.0 - Remote File Deletion
Vendor: http://hypersilence.net Versions: Silentum Uploader 1.4.0 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/advisories.php?id=2 ---- Due to insufficient validation of client-side data, we can alter the path of files to be...
CVE-2007-2563
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control UFileUploaderD.dll allows remote attackers to execute arbitrary code via a long argument...
Buffer overflow
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control UFileUploaderD.dll allows remote attackers to execute arbitrary code via a long argument...
CVE-2007-2563
CVE-2007-2563: Buffer overflow in the AddFile function of VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote code execution via a long argument. Affected component: UFileUploaderD.dll ActiveX control. Impact (per NVD): remote, unauthenticated exploitation with complete...
Versalsoft HTTP File Upload ActiveX 6.36 (AddFile) Remote DoS Exploit
Exploit for unknown platform in category dos / poc: Versalsoft HTTP File Upload ActiveX 6.36 (AddFile) Remote DoS Exploit, 2007/05/07...