13 matches found
Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist
Summary: The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m. Details: The blocklist in...
MiracleLinux 7 : ImageMagick-6.7.8.9-13.el7 (AXSA:2016-233:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-233:02 advisory. ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD imag...
CVE-2025-54789 Files is Vulnerable to Reflected Self-XSS through its File Move Functionality
Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed i...
CVE-2023-3160
The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions...
TEAMPLUS Team+ Security Vulnerability
TEAMPLUS Team+ is an enterprise private cloud communication and collaboration platform from China Interactive Ares TEAMPLUS. A security vulnerability exists in TEAMPLUS Team+ that stems from incorrect validation of specific page parameters, which allows a remote attacker with administrator...
CVE-2023-3160
The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions...
ESET Eset Endpoint Antivirus and Eset Server Security Security Vulnerabilities
ESET Eset Endpoint Antivirus and Eset Server Security are both products of ESET Slovakia. Eset Endpoint Antivirus is an on-premise and cloud-based anti-malware and security suite for small, medium and large organizations. Used for anti-malware, remote management, endpoint security, file security,...
CVE-2020-0480
In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a caller to copy, move, or delete files accessible to DocumentsProvider with no additional execution privileges needed...
File Upload Vulnerability in Siemens Automation License Manager
Siemens Automation License Manager (ALM) is software that centrally manages license keys for various Siemens software products. A file upload vulnerability exists in Siemens Automation License Manager. A remote attacker could use the vulnerability to send specially crafted packets to upload files...
ImageMagick: File moving
It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an...
ImageMagick Studio ImageMagick Arbitrary File Move Vulnerability
ImageMagick Studio ImageMagick is a set of open source image processing software from the United States. A security vulnerability in ImageMagick's MSL encoder allows remote attackers to build malicious images, upload and move arbitrary files...
WordPress media-file-manager-advanced Plugin Multiple Vulnerabilities
No description provided by source. Post Delete http://domain.tld/wp-admin/admin-ajax.php?action=mfmarelocatordelete post: id=17 MKDIR http://domain.tld/wp-admin/admin-ajax.php?action=mfmarelocatormkdir newdir=EVEXFOLDER folder exists: http://domain.tld/wp-contents/uploads/EVEXFOLDER RMDIR Dir Mus...
Media File Manager Advanced <= 1.1.5 - Multiple Vulnerabilities
Media File Manager Advanced allows any authenticated user to execute administrator actions due to weak permission checking. An attacker is able to delete/update posts, create/remove/list directories, move/rename/delete files, and perform blind SQL injection and cross-site scripting. Pos...