
15 matches found

VulnCheck KEV
added 2026/05/13 12:0 a.m. · 13 views

VulnCheck KEV: CVE-2023-2523

A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobileuploadsave. The manipulation of the argument uploadquwan leads to unrestricted upload. The attack may be launched...

9.8 CVSS · 5.5 AI score · 0.93019 EPSS
In wild · Exploits 2 · References 4
EUVD
added 2026/04/22 12:31 a.m. · 1 view

EUVD-2026-24550

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

5.3 CVSS · 5.8 AI score · 0.00038 EPSS
Exploits 0 · References 8
NVD
added 2026/04/21 11:16 p.m. · 1 view

CVE-2026-5512

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

5.3 CVSS · 0.00038 EPSS
Exploits 0 · References 7
Cvelist
added 2026/04/21 10:12 p.m. · 25 views

CVE-2026-5512 Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

5.3 CVSS · 0.00038 EPSS
Exploits 0 · References 7
ATTACKERKB
added 2026/04/21 10:12 p.m. · 1 view

CVE-2026-5512

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

5.3 CVSS · 5.8 AI score · 0.00038 EPSS
Exploits 0 · References 8 · Affected Software 1
CVE
added 2026/04/21 10:12 p.m. · 5 views

CVE-2026-5512

CVE-2026-5512 describes an improper authorization vulnerability in GitHub Enterprise Server where an authenticated attacker could determine private repository names by numeric ID via the mobile upload policy API endpoint. The issue arises from a failure to perform an early authorization check and...

5.3 CVSS · 5.8 AI score · 0.00038 EPSS
Exploits 0 · References 7 · Affected Software 1
CNNVD
added 2026/04/21 12:0 a.m. · 1 view

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was a security...

5.3 CVSS · 5.8 AI score · 0.00038 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/04/21 12:0 a.m. · 2 views

PT-2026-34211

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An improper authorization issue exists where an authenticated attacker can determine the names of private repositories using their numeric ID. This occurs because the mobile upload...

5.3 CVSS · 5.8 AI score · 0.00038 EPSS
Exploits 0 · References 10
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2013-5061

Malware in sbrugna...

3.5 CVSS · 6.4 AI score · 0.00187 EPSS
Exploits 0 · References 3
OSV
added 2023/05/04 6:15 p.m. · 1 view

CVE-2023-2523

A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobileuploadsave. The manipulation of the argument uploadquwan leads to unrestricted upload. The attack may be launched...

9.8 CVSS · 6.8 AI score
Exploits 0 · References 3
Positive Technologies
added 2023/05/04 12:0 a.m. · 5 views

PT-2023-2943 · Unknown · Weaver E-Office

Name of the Vulnerable Software and Affected Versions: Weaver E-Office version 9.5 Description: The issue is related to the absence of restrictions on file uploads in the App/Ajax/ajax.php?action=mobile upload save component of the Weaver E-Office platform. This allows a remote attacker to upload...

10 CVSS · 7.8 AI score · 0.93019 EPSS
Exploits 2 · References 9
CNNVD
added 2023/05/04 12:0 a.m. · 4 views

Weaver E-Office Code Issue Vulnerability

Weaver E-Office is a collaborative office system from China's Panmicro Technology Weaver. A code issue vulnerability exists in Weaver E-Office version 9.5, which stems from the presence of an unknown function in App/Ajax/ajax.php?action=mobileuploadsave, which leads to unrestricted uploads via th...

9.8 CVSS · 7.5 AI score · 0.93019 EPSS
Exploits 2 · References 4
CVE
added 2013/09/24 10:0 a.m. · 45 views

CVE-2013-5221

The CVE-2013-5221 issue affects Esri ArcGIS for Server (versions 10.1–10.2) via the mobile-upload feature. Remote authenticated users who have publisher or administrator privileges can upload executable (.exe) files, representing an unrestricted file upload risk. The reported impact is limited to...

3.5 CVSS · 6.6 AI score · 0.00187 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2013/09/24 12:0 a.m. · 2 views

PT-2013-5454 · Esri · Esri Arcgis For Server

Name of the Vulnerable Software and Affected Versions: Esri ArcGIS for Server versions 10.1 through 10.2 Description: The mobile-upload feature in Esri ArcGIS for Server allows remote authenticated users to upload .exe files by leveraging publisher or administrator privileges. Recommendations: Fo...

3.5 CVSS · 7 AI score · 0.00187 EPSS
Exploits 0 · References 4
0day.today
added 2012/05/27 12:0 a.m. · 21 views

ngeo Mobile Upload Manager Remote File Upload Vulnerability

Exploit for php platform in category web applications. Exploit Title: ngeo Mobile Upload Manager Remote File UpLoad · Date: 27-5-2012 · Author: Dr.SiLnT HilL · Version: all · Dork: "Mobile Upload Manager" · Tested on: Window xp , pc3...

7.1 AI score
Exploits 0