13 matches found
CVE-2025-69828
File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...
EUVD-2023-43249
Malicious code in bioql PyPI...
EUVD-2023-43248
Malicious code in bioql PyPI...
CVE-2025-4898
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file updatesystem.php of the component Logo File Handler. The manipulation of the argument oldlogo leads to path traversal. The...
PT-2025-21866 · Sourcecodester · Sourcecodester Student Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0 Description: A critical issue has been identified, affecting the unlink function of the update system.php file in the Logo File Handler component. The manipulation of the old logo...
CVE-2023-39538
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability...
CVE-2023-39538
CVE-2023-39538 concerns AMI AptioV BIOS where an attacker with local access can trigger an unrestricted upload of a BMP Logo file deemed dangerous, potentially affecting confidentiality, integrity, and availability. The vulnerability stems from BMP logo handling in AMI AptioV BIOS and has been di...
CVE-2023-39538 Failure when uploading a Logo image file
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability...
CVE-2023-39539 Failure when uploading a Logo image file
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability...
Path traversal
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter...
CVE-2019-14521
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter...
Webiness Inventory 2.9 Shell Upload Exploit
Exploit for php platform in category web applications Exploit Title: Webiness Inventory 2.9 Arbitrary File Upload Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 46 foreach $FILES as $file 47 $fileName =...
CVE-2008-1790
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability...