17 matches found
CVE-2026-8272
CVE-2026-8272 affects D-Link DNS-320 firmware 2.06B01 and targets the webfile_mgr.cgi component. The vulnerability arises from manipulation of file operations (delete/rename/copy/move/chmod/chown), enabling OS command injection via remote input. Publicly released exploit details exist, and exploi...
WordPress Redirection for Contact Form 7 plugin <= 3.2.7 - Unauthenticated Arbitrary File Copy via move_file_to_upload vulnerability
Unauthenticated Arbitrary File Copy via move_file_to_upload vulnerability discovered by LionTree in WordPress Plugin Redirection for Contact Form 7 versions <= 3.2.7...
CVE-2025-14800
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_to_upload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticated attackers to copy arbitrary files on the...
EUVD-2025-204668
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_to_upload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticated attackers to copy arbitrary files on the...
CVE-2025-14800 Redirection for Contact Form 7 <= 3.2.7 - Unauthenticated Arbitrary File Copy via move_file_to_upload
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_to_upload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticated attackers to copy arbitrary files on the...
CVE-2025-14800
CVE-2025-14800 affects the WordPress plugin Redirection for Contact Form 7 (WP cf7-redirect) up to version 3.2.7. Root cause: missing file-type validation in move_file_to_upload, enabling an unauthenticated attacker to copy arbitrary files; if allow_url_fopen is On, remote file upload is possible...
CVE-2025-64047
CVE-2025-64047 affects OpenRapid RapidCMS 1.3.1 and is described as vulnerable to Cross Site Scripting (XSS) in the endpoint /user/user-move.php. The connected Red Hat, ENISA EUVD, NVD, OSV, CNNVD, CVE/CVEs listings, and vuln enrichment sources all confirm an XSS issue for this version. The...
CVE-2023-22629
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem...
DEBIAN-CVE-2024-49859
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check atomic_file in f2fs ioctl interfaces Some f2fs ioctl interfaces like f2fs_ioc_set_pin_file, f2fs_move_file_range, and f2fs_defragment_range missed to check atomic_write status, which may cause potential race issue, fix it...
CVE-2023-22629
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem...
PT-2023-18596 · Unknown · Titan Sftp
Name of the Vulnerable Software and Affected Versions: TitanFTP versions 1.94.1205 and earlier Description: The issue concerns a path traversal vulnerability in the newPath parameter of the move-file function. This allows an authenticated attacker to upload any file and then move it to any locati...
South River Technologies TitanFTP NextGen Path Traversal Vulnerability
South River Technologies Titan FTP NextGen is an SFTP/FTP server with natively supported clustering for high availability and failover. A security vulnerability exists in South River Technologies TitanFTP NextGen version 1.94.1205 and prior versions, which stems...
GHSA-49WM-4FP6-H59C OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
OctoPrint prior to version 1.8.3 is vulnerable to Unrestricted Upload of File with Dangerous Type. Due to misconfiguration in move file functionality, an attacker could easily change the file extension of an uploaded malicious file disguised as a .gcode file. Version 1.8.3 contains a patch...
Mellow Fish YetiShare SQL Injection Vulnerability
Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A SQL injection vulnerability exists in the accountmovefileinfolder.ajax.php file in Mellow Fish YetiShare version 3.5.2. The vulnerability stems from a database-based application that lacks validation of...
CVE-2019-19734
accountmovefileinfolder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection...
CVE-2019-7174
Roxy Fileman 1.4.5 allows attackers to execute renamefile.php aka Rename File, createdir.php aka Create Directory, fileslist.php aka Echo File List, and movefile.php aka Move File operations...
Turn off XP protection. Replace explorer.exe - vulnerability warning - the black bar safety net
Author: open Source: open's blog In the even of a VPC on the test. No more test. Even not call the dllcache directory. You like it Quote: Turn off XP protection. Replace explorer.exe Copyright (C) 2008 bbs.secdst.net program Project1; uses Windows, TlHelp32; function LowerCase(const S: string): string;...