EUVD-2026-18657

An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...

CVE-2026-26477

A flaw was found in Dokuwiki. A remote attacker can exploit this vulnerability by utilizing the mediauploadxhr function within the media.php file. This can lead to a denial of service DoS...

CVE-2026-26477

An issue in Dokuwiki v.2025-05-14b "Librarian" 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...

CVE-2026-26477

Summary: CVE-2026-26477 affects Dokuwiki (version 2025-05-14b, Librarian). The vulnerability arises in the media_upload_xhr() function within media.php, enabling a remote attacker to cause a denial of service. Affected component: Dokuwiki media handling, specifically media.php’s media_upload_xhr(...

DokuWiki 安全漏洞

DokuWiki is an open-source, easy-to-use and versatile wiki software developed by DokuWiki. Version 2025-05-14b of DokuWiki contains a security vulnerability. This vulnerability stems from improper handling of the mediaUploadXHR function in the media.php file, which may lead to denial-of-service...

EUVD-2016-7444

Malware in sbrugna...

CVE-2025-9397

A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public...

CVE-2023-41623

Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php...

CVE-2023-41623

Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php...

CVE-2023-41623

Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php...

Education Time Indonesian School CRM 1.7 SQL Injection

==================================================================================================================================== | Title : Education Time Indonesian School CRM v 1.7 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...

Information Disclosure

Wordpress is vulnerable to Information Disclosure. The vulnerability exists in the wpprepareattachmentforjs function in media.php where a remote attacker can modify the parameter authorname as part of a request to /wp-json/oembed/1.0/embed?url which would lead to path disclosure...

sjelesorgogveiledning.no XSS vulnerability

Open Bug Bounty ID: OBB-639582 Description| Value ---|--- Affected Website:| sjelesorgogveiledning.no Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

duluthgospeltab.org XSS vulnerability

Open Bug Bounty ID: OBB-613483 Description| Value ---|--- Affected Website:| duluthgospeltab.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

ebchurch.net XSS vulnerability

Open Bug Bounty ID: OBB-611011 Description| Value ---|--- Affected Website:| ebchurch.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2016-9891

Cross-site scripting XSS vulnerability in admin/media.php and admin/mediaitem.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or mediatitle parameter aka the media title...

Dotclear Directory Traversal Vulnerability

Dotclear is a software developer Olivier Meunier developed a free PHP and MySQL-based blog Blog publishing software. A directory traversal vulnerability exists in the media.php script in Dotclear version v2.9.1. An attacker can exploit this vulnerability by sending a request with the directory...

Nucleus 3.61 - Multiple Remote File Include

No description provided by source. Nucleus v3.61 === Multiple Remote File Include By n0n0x Homepage: http://priasantai.uni.cc/ Download script :http://sourceforge.net/projects/nucleuscms/ ========================================= nucleus3.61/action.php?DIRLIBS=y0ur g4y sh3ll????????????? 13. / 14...

Jinzora <= 2.1 (media.php) Remote File Include Vulnerability

No description provided by source. Jinzora = 2.1 Remote File Inclusion Download Source : http://www.jinzora.com/downloads/j2.1.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; media.php bugs ; // include classes for extending. requireonce$includepath...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to 1 admin/login.php and 2 admin/404.php; the 3 q parameter to search.php; the 4 themename parameter to themesettings.php, 5 extensionname parameter ...