41 matches found
CVE-2018-14441
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadActionfileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type...
EUVD-2015-0976
Malware in sbrugna...
EUVD-2018-4034
Malware in sbrugna...
EUVD-2012-2653
Malware in sbrugna...
CVE-2020-23138
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension eg- .exe to the web server by providing image data and the image/jpeg content type with a .php extension...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the imx-jpeg driver accessing an array out of bounds when parsing jpeg, which could cause the kernel to cras...
CVE-2020-36141
BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header...
CVE-2020-23138
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension eg- .exe to the web server by providing image data and the image/jpeg content type with a .php extension...
CVE-2019-10276
Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type...
CVE-2018-19463
zbsystem/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zbsystem/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including. No one can run PHP b...
CVE-2018-19463
Z-BlogPHP
UltimatePOS Arbitrary File Upload Vulnerability
UltimatePOS is a sales management system. The system supports inventory management, sales management and invoice management. An arbitrary file upload vulnerability exists in UltimatePOS version 2.5, which can be exploited to upload arbitrary files and execute commands by sending a POST request to...
CVE-2018-17139
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type...
CVE-2018-17139
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type...
CVE-2018-16388
e107web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type...
Design/Logic Flaw
e107web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type...
CVE-2018-16388
e107web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type...
Moderate severity vulnerability that affects paperclip
Withdrawn, accidental duplicate publish. The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting XSS attacks via a spoofed value, as demonstrat...
Design/Logic Flaw
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadActionfileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type...
CVE-2018-12051
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type...