CVE-2026-28525

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

OPENSUSE-SU-2026:20058-1 Security update for go-sendxmpp

This update for go-sendxmpp fixes the following issues: Changes in go-sendxmpp: - Update to 0.15.1: Added Add XEP-0359 Origin-ID to messages requires go-xmpp = v0.2.18. Changed HTTP upload: Ignore timeouts on disco IQs as some components do not reply. - Upgrades the embedded golang.org/x/net to...

Security update for go-sendxmpp (important)

openSUSE Security Update: Security update for go-sendxmpp Announcement ID: openSUSE-SU-2025:0483-1 Rating: important References: 1251461 1251677 Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...

Security update for go-sendxmpp (moderate)

openSUSE Security Update: Security update for go-sendxmpp Announcement ID: openSUSE-SU-2025:0332-1 Rating: moderate References: 1241814 Cross-References: CVE-2025-22872 CVSS scores: CVE-2025-22872 SUSE: 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Affected Products: openSUS...

Path traversal

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint...

DEBIAN-CVE-2023-0662

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space...

CVE-2020-15239

In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of...

CVE-2020-15239

In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of...

Directory traversal

In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of...

CVE-2020-15239

Summary: CVE-2020-15239 affects xmpp-http-upload prior to version 0.4.0. The issue allows directory traversal via GET requests to read ".data" files paired with ".meta" JSON metadata, enabling information disclosure and potentially bypassing access controls in multi-instance deployments. The ".da...

CVE-2020-15239 Directory Traversal in xmpp-http-upload

In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of...

Novatek NT9665X HTTP Upload Firmware Update Vulnerability

Summary An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version “RoavA1SWV1.9”. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT...

PHP PEAR HTTP_Upload Arbitrary File Upload Vulnerability

PEAR is a framework for reusable php components for distributed systems. An arbitrary file upload vulnerability exists in PHP PEAR HTTPUpload, which can be exploited by an attacker to upload arbitrary files and execute arbitrary code...

16 HTTP Upload Tool (download.php) Information Disclosure Vulnerability

No description provided by source. Target: HTTP Upload Tool For PHP 1.0 http://uploadtool.sourceforge.net/ Vulnerability: Information disclosure Description: The download.php file in Upload Tool for PHP neither verifies that a requestor has authenticated, nor performs any sanity checking on the...

HTTP Upload Tool - download.php Information Disclosure

HTTP Upload Tool - download.php Information Disclosure Target: HTTP Upload Tool For PHP 1.0 http://uploadtool.sourceforge.net/ Vulnerability: Information disclosure Description: The download.php file in Upload Tool for PHP neither verifies that a requestor has authenticated, nor performs any sani...

HTTP Upload Tool (download.php) Information Disclosure Vulnerability

No description provided by source. Target: HTTP Upload Tool For PHP 1.0 http://uploadtool.sourceforge.net/ Vulnerability: Information disclosure Description: The download.php file in Upload Tool for PHP neither verifies that a requestor has authenticated, nor performs any sanity checking on the...

HTTP Upload Tool - 'download.php' Information Disclosure

Target: HTTP Upload Tool For PHP 1.0 http://uploadtool.sourceforge.net/ Vulnerability: Information disclosure Description: The download.php file in Upload Tool for PHP neither verifies that a requestor has authenticated, nor performs any sanity checking on the file being requested. This allows an...

HTTP Upload Tool (download.php) Information Disclosure Vulnerability

Exploit for unknown platform in category web applications ==================================================================== HTTP Upload Tool download.php Information Disclosure Vulnerability ==================================================================== Target: HTTP Upload Tool For PHP 1...